Full Disclosure mailing list archives

Yahoo! Spam Filter Vulnerability


From: xploitable <xploitable () gmail com>
Date: Tue, 28 Sep 2004 18:01:28 +0100

Yahoo! Tuesday made public a preview of its coming new and improved homepage.

A link from Yahoo!'s homepage takes you to
http://www.yahoo.com/promos/learn.html, where users can learn more
about the new and improved functionality.

On the learn.html page is a link
http://promotions.yahoo.com/frontpage_04/ud/fp2_taf.html to invite
friends or co-workers to view the New and Improved Homepage.

This feature allows anyone to spam the Yahoo! Mail servers. Consumer
or Corporate mailboxes will be flooded with repeated invites, if a
malicious user codes a simple program to do so.

All spammed invites do not go to the bulk folder as they should; they
arrive in the inbox, as repeated invites.

This allows a malicious user to quickly bring the Yahoo! Mail network to
a crawl and fill up a victim's storage space very, very quickly.

Yahoo! were notified of a similar vulnerability for its Yahoo! Mail
spam filters earlier this year with regard to its invite feature on
the Yahoo! Messenger 6 IM client. It seems Yahoo! do not learn from
past mistakes.

For this current vulnerability, the vendor has not been contacted.

Happy Yahoo! Mail flooding.

Discovered today by n3td3v

-- 
http://www.geocities.com/n3td3v - Yahoo! Security Forum *Online*.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

