Vulnerability Development mailing list archives
Re: login yahoogroups.
From: Rafael Anschau <rhanscha () terra com br>
Date: Sun, 30 Jun 2002 14:17:33 -0300
I conjecture that the extra chars will be stored somewhere and removed later on. Therefore, the login will be parsed "cleanly". Question 1: Is it possible to bypass the parser process through characters not included in the parser table ? Question2: Is there a naive buffer, without bounderies checking, just awaiting for the login ? []'s Woody
I have several yahoo accounts that have special characters in them (-, @ and $). Yahoo supresses some characters like @ but does not supress dashes or dots. Spaces are replaced with +'s. I guess } is supressed; I know this from ymessenger, and since yahoo uses the same authentication scheme for all their services, I'm sure it applies to yahoo groups too. $0.02 Alonso Caballero said:Subject: login yahoogroups. Saludos: Well; when i sign in to my account in yahoogroups, i typed other characters in the end of my yahoo ID, for example: My 'original' yahoo ID is: alabedsarc But i type... pay attention... alabedsarc{
Current thread:
- login yahoogroups. Alonso Caballero (Jun 22)
- Re: login yahoogroups. Arturo "Buanzo" Busleiman (Jun 22)
- RE: login yahoogroups. Brenna Primrose (Jun 22)
- Re: login yahoogroups. Armish (Jun 22)
- RE: login yahoogroups. Brenna Primrose (Jun 22)
- Re: login yahoogroups. Mr Slippery (Jun 22)
- Re: login yahoogroups. vodka (Jun 22)
- Re: login yahoogroups. Rafael Anschau (Jun 30)
- <Possible follow-ups>
- RE: login yahoogroups. Alonso Caballero (Jun 26)
- Re: login yahoogroups. Arturo "Buanzo" Busleiman (Jun 22)