Full Disclosure mailing list archives

My Yahoo! Search Spam Vulnerability

From: xploitable <xploitable () gmail com>
Date: Wed, 6 Oct 2004 02:07:45 +0100

Yahoo! Tuesday released a new service dubbed as My Yahoo! Search
http://mysearch.yahoo.com. This allows users to search, save and share
web links they like, while using Yahoo! Search, with friends and
co-workers.

Problem: My Yahoo! Search allows users to archive saved web links. You
can send any web link to any e-mail address on the web using the
location http://mysearch.yahoo.com/myresults/handler. This allows a
malicious user to spam the Yahoo! Mail network with any link and message a
malicious user chooses.

The mail will go straight to a consumer's inbox, instead of the bulk
folder. This allows a malicious user to very quickly use up consumers'
storage space (100MB). Also, malicious users can use this to send junk
links, porn or other malicious links, for further exploration,
although this is a separate issue from the spam vulnerability.

A malicious user, as you may imagine, is also able to attack Yahoo! mail
servers via the mailer, in a possible coordinated attack using a
zombie network. They can also make money from free link/website
advertising via the My Yahoo! Search link mailer.

The new service My Yahoo! Search in my opinion raises security
questions about how marketing companies will use this as a spam tool,
with or without the inbox vulnerability, which I have disclosed to you
today.

Yahoo!, the vendor, has not been contacted, as it's beyond a joke now.
Three similar vulnerabilities have been found this year. The Yahoo!
security team fails to review new Yahoo! projects before they go live
on any Yahoo! property.

Yahoo! Messenger 6 invite mailer was vulnerable and exploitable. (summer 2004)

Yahoo! New Homepage invite mailer was vulnerable and exploitable. (autumn 2004)

My Yahoo! Search link mailer is vulnerable and exploitable. (autumn 2004)

-- 
http://www.geocities.com/n3td3v
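A server-side guard for this kind of "mail a saved link to a friend" handler, added here as an illustration of the mitigations the post implies (login required, only links the sender actually saved, a fixed message template, a per-account sending quota). This is not Yahoo!'s code and not part of the original post; the user names, URLs and quota values are constructed.

```python
import re
import time
from collections import defaultdict, deque
from urllib.parse import urlparse

# Constructed policy values for illustration; Yahoo!'s real limits are not on the page.
MAX_PER_HOUR = 5                     # shares one account may send per rolling hour
MAX_NOTE_LEN = 200                   # cap on the sender's free-text note
ALLOWED_SCHEMES = {"http", "https"}
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


class ShareMailer:
    """Guards a 'mail this saved link' handler against use as a spam relay."""

    def __init__(self, saved_links, now=time.time):
        self._saved = saved_links        # user -> set of URLs that user actually saved
        self._sent = defaultdict(deque)  # user -> timestamps of accepted sends
        self._now = now                  # injectable clock, so the window can be tested

    def share(self, user, recipient, url, note):
        """Return (status, message); message is None unless status is 'ok'."""
        if not user:
            return "reject: login required", None           # no anonymous sending
        if not _EMAIL_RE.match(recipient):
            return "reject: bad recipient", None
        parts = urlparse(url)
        if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
            return "reject: bad url", None
        if url not in self._saved.get(user, set()):
            return "reject: url not saved by sender", None   # only links the user saved
        if len(note) > MAX_NOTE_LEN or "\n" in note:
            return "reject: note too long or multiline", None  # no bulk text, no header tricks
        now = self._now()
        window = self._sent[user]
        while window and window[0] <= now - 3600:
            window.popleft()                                # drop sends older than an hour
        if len(window) >= MAX_PER_HOUR:
            return "reject: rate limit", None
        window.append(now)
        # Fixed template: the sender's note is quoted inside it, never used as the whole body.
        body = (f"{user} saved this link on My Yahoo! Search and wants to share it:\n"
                f"{url}\n\nTheir note: \"{note}\"\n")
        return "ok", body
```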

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html