mailing list archives
My Yahoo! Search Spam Vulnerability
From: xploitable <xploitable () gmail com>
Date: Wed, 6 Oct 2004 02:27:18 +0100
Yahoo! Tuesday released a new service dubbed as My Yahoo! Search
http://mysearch.yahoo.com. This allows users to search, save and share
web links they like, while using Yahoo! Search, with friends and
Problem: My Yahoo! Search allows users to archive saved web links. You
can send any web link to any e-mail address on the web using at the
location http://mysearch.yahoo.com/myresults/handler. This allows a
malicious user to spam Yahoo! Mail network with any link and message a
malicious user chooses.
The mail will go straight to a consumers inbox, instead of bulk
folder. This allows a malicious user to very quickly use up consumers
storage space (100MB). Also malicious users can use this to send junk
links, pr0n or other malicious links, for further exploration,
although this is a seperate issue from the spam vulnerability.
A malicious user as you may imagine is also able to attack Yahoo! mail
servers via the mailer, in a possible coordinated attack using a
zombie network. Also can make money from free link/website
advertising via the My Yahoo! Search link mailer.
The new service My Yahoo! Search in my opinion raises security
questions and how marketing companies will use this as a spam tool,
with or without the inbox vulnerability, which i have disclosed to you
Yahoo! the vendor has not been contacted, as its beyond a joke now.
Three similar vulnerabilities have been found this year. Yahoo!
security team fail to review new Yahoo! projects before they go live
on any Yahoo! property.
Yahoo! Messenger 6 invite mailer was vulnerable and exploitable. (summer 2004)
Yahoo! New Homepage invite mailer was vulnerable and exploitable. (autumn 2004)
My Yahoo! Search link mailer is vulnerable and exploitable. (autumn 2004)
Full-Disclosure - We believe in it.