Posting on behalf of any user / posting to Yahoo Groups without joining

Yeasir Arafat
Aug 9, 2017 · 2 min read

This is one of the more interesting issues I have found. After reading Zahid Ali's and Asadul Islam's findings I tried to find similar issues on many sites, and after a lot of trying I found that Yahoo Groups was vulnerable to this bug.

I tried to find this bug on Yammer, Google Classroom, Google Hangouts, Facebook and Google Groups, and found it in a few of them.

On Yahoo, every group has its own posting address named after the group, e.g. example@yahoogroups.com, and that is the key point of this vulnerability: the group identifies the poster by the From header of the incoming mail, and nothing checks that the mail really came from that address. So I used a third-party SMTP server to send mail to the group with a forged From header and post as someone else.

Here are the detailed steps to reproduce:

1. Go to https://groups.yahoo.com/ and create a group on any topic. Make sure the group is public.
2. Send an invitation to any user; you will be notified by mail. The invitation can go to any address; here Skylinearafat@gmail.com is used as the test account, and it is the address that will be impersonated.
3. Open a Linux terminal for the next steps. The test group address is bugsee@yahoogroups.com. Run the following command and hit enter:

sendemail -f Skylinearafat@gmail.com -t bugsee@yahoogroups.com -u Hello -m testing -s mail.smtp2go.com:2525 -xu engyeasirarafat127@gmail.com -xp <smtp2go-password>

Details:
-f is the From address, i.e. the address being impersonated. My test account is Skylinearafat@gmail.com.

-t is the To address, i.e. the group address bugsee@yahoogroups.com.

-u is the subject. It can be ignored, as it is not necessary.

-m is the message body. This is where the message/comment is written.

-s is the SMTP server. As we are using smtp2go as the relay, the server is mail.smtp2go.com:2525.

-xu is the smtp2go user name. Mine is engyeasirarafat127@gmail.com.

-xp is the smtp2go account password. Note that the relay authenticates me with these credentials and then forwards the mail carrying whatever From header I chose; the group never sees that the mail did not come from Gmail.

After hitting enter, the comment appeared in the group as if posted by Skylinearafat@gmail.com. For lack of time I can't explain more; for more, watch the proof-of-concept (PoC) video.
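To make the root cause concrete, here is an added example (not Yahoo's code and not part of the original write-up) of a hypothetical inbound handler for a group address. The weak check is the one the steps above abuse: it looks up the From header in the member list and nothing else. The strict check additionally requires a passing SPF or DKIM result whose domain aligns with the From header domain, which is what DMARC alignment asks for. The Authentication-Results header is assumed to be stamped by the receiving MTA; the member list, the mx.example.test authserv-id, the smtp2go.example relay domain and both raw messages are constructed for this example.

```python
"""Hypothetical group-address inbound handler (added example, not Yahoo's code).

Contrasts the From-header-only membership check that the write-up abuses with
an aligned SPF/DKIM check of the kind DMARC prescribes.
"""
import email
import re
from email.utils import parseaddr

# Hypothetical member list for the group address (constructed).
MEMBERS = {"skylinearafat@gmail.com"}

# Constructed sample: what the relay in the write-up hands to the group's MTA.
# SPF and DKIM both pass, but for the relay's own domain, not for gmail.com.
SPOOFED_POST = """From: Skylinearafat@gmail.com
To: bugsee@yahoogroups.com
Subject: Hello
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=bounce@smtp2go.example; dkim=pass header.d=smtp2go.example

testing
"""

# Constructed sample: the same member really sending from Gmail.
LEGIT_POST = """From: Skylinearafat@gmail.com
To: bugsee@yahoogroups.com
Subject: Hello
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=skylinearafat@gmail.com; dkim=pass header.d=gmail.com

testing
"""


def header_from(raw: str) -> str:
    """Lower-cased address taken from the RFC 5322 From header."""
    msg = email.message_from_string(raw)
    return parseaddr(msg.get("From", ""))[1].lower()


def auth_results(raw: str) -> list:
    """Parse the MTA-stamped Authentication-Results header into
    (method, result, domain) tuples for the spf and dkim methods.
    smtp.mailfrom carries a full address; only its domain is kept."""
    msg = email.message_from_string(raw)
    header = msg.get("Authentication-Results", "")
    results = []
    for clause in header.split(";")[1:]:  # clause 0 is the authserv-id
        m = re.match(r"\s*(spf|dkim)=(\w+)(.*)", clause)
        if not m:
            continue
        method, result, rest = m.groups()
        dm = re.search(r"(?:smtp\.mailfrom|header\.d)=(\S+)", rest)
        domain = dm.group(1).lower() if dm else ""
        if "@" in domain:
            domain = domain.rsplit("@", 1)[1]
        results.append((method, result.lower(), domain))
    return results


def aligned_sender(raw: str) -> bool:
    """True when at least one passing SPF or DKIM result is for the From
    header domain (or a parent of it, approximating relaxed alignment)."""
    from_domain = header_from(raw).rsplit("@", 1)[-1]
    for _method, result, domain in auth_results(raw):
        if result == "pass" and domain and (
            domain == from_domain or from_domain.endswith("." + domain)
        ):
            return True
    return False


def accept_post_weak(raw: str) -> bool:
    """The check the write-up abuses: trust the From header alone."""
    return header_from(raw) in MEMBERS


def accept_post_strict(raw: str) -> bool:
    """Membership plus an authenticated, aligned sender domain."""
    return accept_post_weak(raw) and aligned_sender(raw)


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_POST), ("legit", LEGIT_POST)):
        print(f"{name}: weak={accept_post_weak(raw)} strict={accept_post_strict(raw)}")
```

The spoofed message is accepted by the weak check and rejected by the strict one, because the only passing results are for the relay's domain; the genuine Gmail message passes both. A real deployment would also have to decide what to do with mail that carries no authentication results at all, and whether to use the organizational domain rather than the suffix test used here for relaxed alignment.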

Yahoo PoC video

Yahoo has since fixed this issue.

Written by Yeasir Arafat, a Bangladeshi bug bounty hunter and penetration tester.
