07-19-2004, 03:44 PM
|
||||
|
||||
|
Account Information Leakage, vIa cookie
As you all well know, Yahoo! is promoting their new messenger by using Hoobastank and some meat lol.
You must enter the promotion by going to, http://promotions.yahoo.com/add5friends/ud/enter.html If you are already logged in you will see that this information is already filled out. (hence our problem) With a simple get request to the forementioned page, and a user(s) cookie. It is possible to grab personal information from the account. This is not the first, nor most likely the last time this will happen. So quick recap. 1.) Hoobastank promotion contains personal account information. 2.) Simple Get Request with the users cookie, will display this information. No password needed, since we are using cookies, and yahoo! relies heavely on them. Thats it. 
|
 |
«
Previous Topic
|
Next Topic
»
| Currently Active Users Viewing This Topic: 1 (0 members and 1 guests) | |
| Topic Tools | |
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| Anyone tried Messenger Plus 2.0? | Jeff | Windows Live Messenger Support | 26 | 03-13-2006 05:34 PM |
| Account unavailiable?? | amberwolf | MSN / WLM Archive | 0 | 11-08-2004 07:55 AM |
| Deleted MSN Account is still here? | beckytjc | MSN / WLM Archive | 19 | 12-22-2003 02:04 PM |
| Protecting yourself from identify theft | Jeff | Online Privacy, Safety & Security | 0 | 05-02-2002 02:47 PM |
All times are GMT -5. The time now is 06:37 PM.
