Yahoo.Com Reset Page Wicked Behavior

[sandeep l337 <sandeepk.l337 () gmail com>]

Page: https://edit.india.yahoo.com/forgot
Risk Factor : Minor

once, i was just playing with yahoo reset page and i found one
interesting thing there. The password reset steps could be skipped, i
was successful in skipping 1 step and found some interesting behavior
on entering different characters. Here, is what you have to do to
observe it :-

1] Goto URL :-   https://edit.india.yahoo.com/forgot
2] In the My Yahoo ID textbox enter this :- "s
3] You will be passed to next step => Please select an option to reset
your password.

Similarly if u enter the following in the text box u'll find some
interesting things :-
1) "1        =>         Page will ask you B'day , Country of Residence
and Postal Code
2) "12      =>         It will change the yahoo page language
3) "123    =>         It will change the yahoo page language to Korean

After discussing with some expertise i found that it may be a database
default value which is used by programmers for testing purposes.

What do u think?


Peace
Sandeep Kamble

[KarmaCyberIntel.net]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/