RE: login yahoogroups.

["Brenna Primrose" <drxlecter () phreaker net>]

Confirmed with Internet Explorer 6

Login: absolut_contagion} - works
Login: absolut_contagion+ - does not work
Login: absolut_contagion' - works

Confirmed with Mozilla 1.1a

Login: absolut_contagion} - works
Login: absolut_contagion+ - does not work
Login: absolut_contagion' - works

I was able to reproduce this on http://groups.yahoo.com - I will
continue to investigate the limitations of the "junk" characters after
the user name.  I will also see if this works on other parts of Yahoo of
if it is limited to Groups.

Brenna

AIM - abosolut x psycho
Yahoo! - absolut_contagion
ICQ - 1363187
MSN - r00t () creighton edu
http://gsa.creighton.edu
http://profiles.yahoo.com/absolut_contagion
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GSS d-- s: a-- C++ UL++++ P+ L+ E W++ N+ o-- K- w+ 
O-- M V-- PS++ PE Y+ PGP- t-- 5-- X++ R- tv+ b+++ DI D+ 
G e* h- r++ x+ 
------END GEEK CODE BLOCK------

-----Original Message-----
From: Arturo "Buanzo" Busleiman [mailto:buanzo () buanzo com ar] 
Sent: Saturday, June 22, 2002 12:06 PM
To: Alonso Caballero
Cc: vuln-dev () securityfocus com
Subject: Re: login yahoogroups.

On Sat, 22 Jun 2002, Alonso Caballero wrote:

>   Saludos:
Greetings, my RareGaZz TEAM Partner. How cool to meet you here.

>   And after typed my password, and... for my surprise... I log in
> succesfully to my yahoo account;

Which Yahoo client are you using? Windows original? I mean, are you sure
the password is not saved anywhere? Have you tried with other accounts?


Has anyone been able to verify this?

Arturo "Buanzo" Busleiman
RareGaZz Team
www.buanzo.com.ar