Friday, January 22, 2010

Yahoo! Chat Disconnect - Remote DoS Attack


A vulnerability exists in Yahoo!'s chat server architecture that allows chatters to be remotely disconnected via the Yahoo! Mobile login service. To exploit this vulnerability you need only a web browser and a text editor. Open up a text editor and type out exactly 15,334 characters (copy and paste and keep track, of course). After this is done, surf to and log in with a 'bot' (bot meaning the attacking ID, which can be any Yahoo! name). From here, click the link that is labeled "Add Friend" OR "Send Message". In the Yahoo! ID: field specify a victim/target, and in the Message: field paste all 15,334 characters. Now send this payload and the target that you specified will be disconnected instantly.

If exploited through "Add Friend" it is especially annoying, as it not only disconnects you but also keeps you signed out until this vulnerability is fixed. This happens because Yahoo! has a bug where the chat server continues to send you Add Buddy requests repeatedly, even after you've approved or denied them. This means that each and every time you sign in you will be disconnected immediately if hit by this exploit. This is the particularly nasty exploit of the two (the other being a mobile private message).
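A server-side guard against the two behaviours described above, as an added example that is not from the original post and is not Yahoo! code. It caps the message field before anything is queued, and drops an Add Buddy request once it has been answered so it is not redelivered at sign-in. The 2,000-character limit and all class and function names are assumptions; the post does not state the root cause or a safe limit.

```python
# Added illustration, not Yahoo! code. Names and the size limit are assumptions.
from dataclasses import dataclass, field

MAX_MESSAGE_CHARS = 2000  # assumed cap; the post only reports the 15,334-char case


class RejectedMessage(ValueError):
    """Raised when a message is refused before it reaches the recipient."""


def validate_message(text: str) -> str:
    # Enforce the cap on the server; a limit in the web form alone can be bypassed.
    if len(text) > MAX_MESSAGE_CHARS:
        raise RejectedMessage(f"message is {len(text)} chars, limit {MAX_MESSAGE_CHARS}")
    return text


@dataclass
class BuddyRequestQueue:
    """Pending Add Buddy requests, stored as recipient -> {sender: message}."""
    pending: dict = field(default_factory=dict)

    def submit(self, sender: str, recipient: str, message: str) -> None:
        # Validate before storing so an oversized payload is never queued.
        self.pending.setdefault(recipient, {})[sender] = validate_message(message)

    def answer(self, sender: str, recipient: str, accepted: bool) -> bool:
        # Approved or denied, the request is removed and never redelivered.
        self.pending.get(recipient, {}).pop(sender, None)
        return accepted

    def deliver_on_sign_in(self, recipient: str) -> list:
        # Only unanswered requests are replayed when the recipient signs in.
        return sorted(self.pending.get(recipient, {}).items())


def demo() -> dict:
    q = BuddyRequestQueue()
    q.submit("alice", "carol", "hi, add me?")   # constructed sample input
    try:
        q.submit("bot", "carol", "A" * 15334)   # length reported in the post
        oversized_queued = True
    except RejectedMessage:
        oversized_queued = False
    first = q.deliver_on_sign_in("carol")
    q.answer("alice", "carol", accepted=False)
    second = q.deliver_on_sign_in("carol")
    return {"oversized_queued": oversized_queued, "first": first, "second": second}
```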

download link......

