Full Disclosure mailing list archives
Yahoo! Spam Filter Vulnerability
From: xploitable <xploitable () gmail com>
Date: Tue, 28 Sep 2004 18:01:28 +0100
Yahoo! Tuesday made public a preview of its coming new and improved homepage. A link from Yahoo!s homepage takes you to http://www.yahoo.com/promos/learn.html, where users can learn more about the new and improved functionality. On the learn.html page is a link http://promotions.yahoo.com/frontpage_04/ud/fp2_taf.html to invite friends or co-workers to view the New and Improved Homepage. This feature allows anyone to spam the Yahoo! Mail servers. Consumer or Corporate mailboxes will be flooded with repeated invites, if a malicious users codes a simple program to do so. All spammed invites do not goto the bulk folder as they should, they arrive on the inbox, as repeated invites. This allows a malicious users to quickly bring Yahoo! Mail network to a crawl and fill up a victims storage space very, very quickly. Yahoo! were notified of a similar vulnerability for its Yahoo! Mail spam filters earlier this year with regards of its invite feature, on the Yahoo! Messenger 6 IM client, it seems Yahoo! do not learn from past mistakes. For this current vulnerability, the vendor has not been contacted. Happy Yahoo! Mail flooding. Discovered today by n3td3v -- http://www.geocities.com/n3td3v - Yahoo! Security Forum *Online*. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Yahoo! Spam Filter Vulnerability xploitable (Sep 28)
- Message not available
- Message not available
- Re: Yahoo! Spam Filter Vulnerability xploitable (Sep 29)
- Message not available
- Message not available