Yahoo! Spam Attack Mailers

[xploitable <xploitable () gmail com>]

Should I bother naming the Yahoo! service anymore or just start
listing the mailers.

mailer3.bulk.scd.yahoo.com is vulnerable to be used to attack Yahoo!
mail network and by the way it seems all the bulk mailers are
vulnerable.

I would imagine all the way up the numbers, such as mailer1, mailer2,
mailer3 and so on.

This one is used when a user clicks on a "Add to My Yahoo!". The
service allows Yahoo! consumers to add an RSS Yahoo! module to a
consumers My Yahoo! page. A link is then available for the consumer to
send the same module to a friend.  Also Yahoo! News "E-mail this story
to a friend" uses the same bulk mailer.

All vulnerable to be used to attack Yahoo! Mail accounts. Mail will
goto the inbox and not the bulk mail folder. Allowing a malicious user
to very quickly flood inbox with repeated My Yahoo! RSS module links
or Yahoo! News story links.

Example for My Yahoo! RSS module mail to a friend page:
http://mtf.news.yahoo.com/mailto?url=http%3a//e.my.yahoo.com/config/cstore%3f.opt=content%26.node=1%26.sid=171771&title=Choose+Content&prop=mycstore&locale=us&h1=ymessenger+at+Yahoo!+Groups&h2=n3td3v&h3=http%3a//my.yahoo.com

Example for Yahoo! News story link mail to a friend page:

http://mtf.news.yahoo.com/mailto?url=http%3a//story.news.yahoo.com/news%3ftmpl=story%26u=/ap/20041006/ap_on_re_mi_ea/us_iraq_weapons&title=U.S.+Report+Finds+No+Evidence+of+Iraq+WMD%0a&prop=dailynews&locale=us&h1=ap/20041006/us_iraq_weapons&h2=T&h3=540

-- 
http://www.geocities.com/n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html