Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Yahoo! Spam Attack Mailers
From: xploitable <xploitable () gmail com>
Date: Wed, 6 Oct 2004 21:58:39 +0100

Should I bother naming the Yahoo! service anymore or just start
listing the mailers.

mailer3.bulk.scd.yahoo.com is vulnerable to be used to attack Yahoo!
mail network and by the way it seems all the bulk mailers are
vulnerable.

I would imagine all the way up the numbers, such as mailer1, mailer2,
mailer3 and so on.

This one is used when a user clicks on a "Add to My Yahoo!". The
service allows Yahoo! consumers to add an RSS Yahoo! module to a
consumers My Yahoo! page. A link is then available for the consumer to
send the same module to a friend.  Also Yahoo! News "E-mail this story
to a friend" uses the same bulk mailer.

All vulnerable to be used to attack Yahoo! Mail accounts. Mail will
goto the inbox and not the bulk mail folder. Allowing a malicious user
to very quickly flood inbox with repeated My Yahoo! RSS module links
or Yahoo! News story links.

Example for My Yahoo! RSS module mail to a friend page:
http://mtf.news.yahoo.com/mailto?url=http%3a//e.my.yahoo.com/config/cstore%3f.opt=content%26.node=1%26.sid=171771&title=Choose+Content&prop=mycstore&locale=us&h1=ymessenger+at+Yahoo!+Groups&h2=n3td3v&h3=http%3a//my.yahoo.com

Example for Yahoo! News story link mail to a friend page:

http://mtf.news.yahoo.com/mailto?url=http%3a//story.news.yahoo.com/news%3ftmpl=story%26u=/ap/20041006/ap_on_re_mi_ea/us_iraq_weapons&title=U.S.+Report+Finds+No+Evidence+of+Iraq+WMD%0a&prop=dailynews&locale=us&h1=ap/20041006/us_iraq_weapons&h2=T&h3=540

-- 
http://www.geocities.com/n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • Yahoo! Spam Attack Mailers xploitable (Oct 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]