VicTT Posted July 4, 2005

Something just crossed my mind.. I'm using Trillian as a mess client and I've noticed that whenever you receive an add request from someone, you get

SOMEONE has added you to their contact list. You may choose to accept or deny this action. You may also add this user to your contact list or ignore this user.

Now.. the catch is that whenever you click SOMEONE you actually click a link that is yahoo://0:yahoo-profile:SOMEONE

Or when you click accept you are actually clicking yahoo://0:yahoo-accept:SOMEONE

And so forth.. I've tried to do this from a normal browser window and it doesn't seem to work..

IE reports : Invalid syntax error
Mozilla Firefox reports : "yahoo" is an unknown protocol

And I just KNOW I can do these things from a browser.. What am I missing? I've seen this done by a few sites (for example, launching Yahoo Messenger to message someone).. And I remember it done with parameters passed with "?"..

I'm asking this because issuing a "yahoo:pm:<id>" would simplify the hell of automating YM, and it wouldn't be necessary anymore to fake mouse clicks and such things.. I just need to know how it can be done.. if anyone has an idea.. please contact me, either on PM, or on this thread..

Thanx.. and excuse my bad English.. it's not my native language..

Together we might live
Divided we must fall

VicTT (Author) Posted July 4, 2005

Wow.. Never thought it would be this easy.. found a "link" that works..

ymsgr:sendIM?SOMEONE

This is just plain ol' great.. I just need to subvert the browser because it needs confirmation to run YM.. Now how do I "call" the link, what is this "link", how does it work? etc.. if anyone knows, please tell me..

Together we might live
Divided we must fall

VicTT (Author) Posted July 4, 2005 (edited)

Something else I found out while playing with ymsgr:sendIM?<parameter>..

If you type "ymsgr:sendIM?HELLO%00WORLD", YM 7 opens a window to HELLO.. WORLD is ignored.. hmm.. buffer overflow exploit??? I'm just guessing.. I'm kind of a newbie with this.. anyway.. using this 'method', you can send messages to ids that have special chars in them.. I'm just certain there's a way to exploit this request....

EDIT: No, I'm not trying to hack yahoo.. it's just smth I noticed..

Edited July 4, 2005 by VicTT

Together we might live
Divided we must fall
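
Added example, not part of the thread and not Yahoo Messenger's code: the HELLO%00WORLD behaviour reported in the last post is consistent with a percent-decoded parameter being handed to code that treats it as a NUL-terminated C string. The sketch below decodes a parameter while tracking its real length, shows what a C-string consumer would see, and rejects parameters that contain NUL or other control bytes; `pct_decode`, `visible_len` and `param_ok` are hypothetical names and the 128-byte limit is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Percent-decode src into dst (capacity cap). Returns the decoded length,
 * or -1 on a malformed escape or overflow. The length is returned
 * separately because the decoded bytes may include 0x00. */
long pct_decode(const char *src, unsigned char *dst, size_t cap) {
    size_t n = 0;
    while (*src) {
        int c = (unsigned char)*src++;
        if (c == '%') {
            int hi = hexval((unsigned char)src[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[1]);
            if (lo < 0) return -1;          /* truncated or non-hex escape */
            c = hi * 16 + lo;
            src += 2;
        }
        if (n >= cap) return -1;            /* never write past dst */
        dst[n++] = (unsigned char)c;
    }
    return (long)n;
}

/* Number of bytes a C-string consumer (strlen, strcpy) would see. */
size_t visible_len(const unsigned char *buf, size_t len) {
    const unsigned char *nul = memchr(buf, 0, len);
    return nul ? (size_t)(nul - buf) : len;
}

/* Hypothetical handler-side check: 1 if the parameter decodes cleanly and
 * holds no NUL or other control byte, 0 if it must be rejected. */
int param_ok(const char *param) {
    unsigned char buf[128];                 /* assumed maximum id length */
    long n = pct_decode(param, buf, sizeof buf);
    if (n <= 0) return 0;
    for (long i = 0; i < n; i++)
        if (buf[i] < 0x20 || buf[i] == 0x7f) return 0;
    return 1;
}

int main(void) {
    unsigned char b[64];
    long n = pct_decode("HELLO%00WORLD", b, sizeof b);  /* constructed input */
    printf("decoded=%ld visible=%zu ok=%d\n", n, visible_len(b, (size_t)n), param_ok("HELLO%00WORLD"));
    return 0;
}
```

A handler that validates the decoded bytes before passing them to string functions rejects the parameter outright instead of silently acting on the part before the NUL.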