Yahoo exploit - login disconnect
January 7, 2007 at 10:46 pm #25719 camel Member
Programmers have found an exploit to disconnect whole chat rooms from the server. It's not PM based or anything and hits all clients, all login protocols… I have been chatting for 5 yrs and never been this clueless how to stop it. When I pull up the packet in EtherDetect it's like I'm logging myself off, packets coming from my own IP. Does anyone have a clue how to stop this?
January 8, 2007 at 12:01 am #155024 tim2679 Member
It's called a room boot, and it's nothing new. Instead of sending a message to a PM box it sends a message to a chat room. As for your packet sniffer, you are only going to see two IPs, yours and the Yahoo server.
January 8, 2007 at 12:33 am #155022 camel Member
Yes, I know it is a room boot. I spend hrs n hrs a day on Yahoo, I have played with all the toys and stuff, but this isn't your typical room boot. It disconnects everything and is an exploit in the servers. I have read about this prog on some programming forums; they're trying to keep this exploit hush so it doesn't get patched. I'm not a noobie on boots, disconnects and packets, I do have a clue, but this is different: no matter who you are and what you know, you're gone! This is a recent exploit, not something old.
January 8, 2007 at 1:43 am #155014 imported_Ven0m Member
Yes, there is an exploit out that can disconnect anyone who isn’t using YTK Pro or YMLite under Gawd Mode or those using the YMSG/HTTP connection. Anyone else is a sitting duck.
January 8, 2007 at 2:51 am #155007 Dermot Participant
This is a common occurrence lately,
and one I'm gonna report to Yahoo again.
A chat A8 packet has a 124 type part that people could put extra emote data or other stuff into.
Clients used the part of the packet for chat info data like version, time, build number etc.
These “booters” fill this 124 part up with over 10k of data... that Yahoo allows to be sent, and you see it as a normal chatroom packet, but the 124 part is massive and once flooded will disconnect even the fast enough connections.
Yahoo! really need to fix this.
I implore anybody to go complain to Yahoo about this as it seems to fall upon deaf ears at times.
Tell them booters are filling up the 124 part of a chatroom packet.
[packet $A8 Chatroom] «size 10165»104¤Yahoo! Chat Help:1¤109¤bla_b00ted193¤117¤Hi everyone :D¤124¤1(THEY CAN PLACE 10K OF DATA HERE)¤
Send this example on how they do it if you must.
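The oversized 124 field described in the post above is the kind of input a receiving server or client can reject with a per-field size check. The following is an added example, not code from the thread or from Yahoo!: it parses a key/value body in the form shown in the dump and reports fields over a limit. The "¤" separator is the dump's display form, and the limits and sample bodies are assumptions constructed for illustration.

```python
# Added example: size validation for the key/value body of a chat packet.
SEP = "¤"  # separator as rendered in the thread's packet dump

# Hypothetical per-field byte limits (assumptions, not Yahoo!'s real values).
FIELD_LIMITS = {"104": 128, "109": 64, "117": 2048, "124": 64}
DEFAULT_LIMIT = 256      # assumed cap for any field not listed above
MAX_BODY_BYTES = 4096    # assumed cap for the whole body


def parse_fields(body):
    """Split 'key¤value¤key¤value¤' into (key, value) pairs."""
    tokens = body.split(SEP)
    if tokens and tokens[-1] == "":
        tokens.pop()                      # body normally ends with a separator
    if len(tokens) % 2:
        raise ValueError("dangling key without a value")
    pairs = list(zip(tokens[0::2], tokens[1::2]))
    for key, _ in pairs:
        if not key.isdigit():
            raise ValueError(f"non-numeric field key: {key!r}")
    return pairs


def check_body(body):
    """Return a list of findings; an empty list means the body is accepted."""
    findings = []
    size = len(body.encode("utf-8"))
    if size > MAX_BODY_BYTES:
        findings.append(f"body is {size} bytes, limit {MAX_BODY_BYTES}")
    try:
        pairs = parse_fields(body)
    except ValueError as exc:
        return findings + [f"malformed body: {exc}"]
    for key, value in pairs:
        limit = FIELD_LIMITS.get(key, DEFAULT_LIMIT)
        length = len(value.encode("utf-8"))
        if length > limit:
            findings.append(f"field {key} is {length} bytes, limit {limit}")
    return findings


# Constructed samples modelled on the dump in the post above.
NORMAL = "104¤Yahoo! Chat Help:1¤109¤some_user¤117¤Hi everyone :D¤124¤1¤"
OVERSIZED = "104¤Yahoo! Chat Help:1¤109¤some_user¤117¤Hi everyone :D¤124¤1" + "A" * 10000 + "¤"

if __name__ == "__main__":
    for name, body in (("normal", NORMAL), ("oversized", OVERSIZED)):
        print(name, check_body(body) or "accepted")
```

A receiver that gets a non-empty findings list can drop the packet before relaying it to the room, so other clients never see it.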
January 8, 2007 at 3:13 am #155025 tim2679 Member
Well, if they fix that the chat clients will also not be allowed to send their extra data that way either. And Camel, I never said you were a noobie, I was just making the point that the packet that is sent to disconnect people was not new, it has just been modified as Dermot has pointed out. lol
January 8, 2007 at 6:48 am #155023 camel Member
OK, found kind of a fix: ya have to be in newest YMLite, type in /gawdBR2 the room, hit enter. This will make you completely unbootable, but the only font you will see in the room is your own. But ya have voice and can talk crap all ya want and they can see ya, but ya can't see them if they're typing back, only by hearing them. Doesn't do much good not being able to see the room, but I guess this is what Yahoo gets for only having 1 login protocol. I want YChat back!
January 8, 2007 at 7:09 am #155026 tim2679 Member
lol, like I said, there is not much you can do. Yes, you can use YMLite or YTK Pro; however, like you said, you don’t see what's going on in the chat room until the booter has stopped booting the room. So in a sense you might as well be kicked out of the chat room.
January 8, 2007 at 10:09 pm #155015 imported_Ven0m Member
Try reporting it here, as it’s Yahoo! Messenger’s ‘official’ blog, so try posting a comment to one of their entries. I’m sure you can get their attention…
January 9, 2007 at 2:14 am #155016 Torseq Tech. Member
For YTK Pro users and YMLite…
I posted a workaround a couple days ago on my forum (forum.ytkpro.com) to temporarily solve this newer generation room boot exploit.
You can find the workaround here: YTK Pro Community Support Forum :: View topic – Single Packet Server-Side Room Boot/Workaround (Must Read!)
Having the ability myself to exploit this vulnerability in the server I know it’s pretty serious and will become much more serious when it’s widespread (if that ever happens).
January 9, 2007 at 3:40 am #155008 Dermot Participant
Personally I would rather it did become widespread to get Yahoo!’s attention quicker,
the reason I have no issues with posting about it.
Sometimes you gotta slap Yahoo in the face to wake up to issues.
January 25, 2007 at 6:59 am #155017 Torseq Tech. Member
Consider Yahoo! “slapped in the face” as I just wrote an ‘Open Letter’ to them, on their Blog spot, and gave specific information concerning this broadcast room boot vulnerability and exploiting it. The Yahoo! Messenger Development Team has 5 days (until the 30th) to comply and resolve this issue or I promised them that I would indeed go Public (to Secunia and Bugtraq) with working “Proof-of-Concepts” complete with a fully detailed advisory. This is complete negligence on their behalves and they’ve been given more than a fair amount of time to patch this hole. If they don’t meet the deadline they’ll regret it when every network security professional around the world is criticizing them (more so even than they’re doing now).
Y! Messenger Dev Team’s Blog spot: Yahoo! Messenger Blog » Let’s Chat
If Yahoo! decides to remove my post there you can alternatively find it on my forum at YTKPro.com: YTK Support Forum :: View topic – EXPECT the Server-Side Room Boot Vuln to be Patched SOON!
The Countdown has Begun…
January 27, 2007 at 3:30 pm #155009 Dermot Participant
Yahoo! have started to filter the field used for this boot.
It’s also causing a lot of delay getting into chat while they do these changes.
Hopefully normal chat will return shortly.
January 27, 2007 at 6:22 pm #154993 Jeff Hester Keymaster
Well, if they don’t comply by then, they will shortly after.
Thanks for finding the messenger blog. I hope they really read people's thoughts.
Every new blog they make, I am going to post the following until they fix it!!!!!
Ever since the Java version on chat has been removed, the chat rooms
ChatterBox,
ShowBiz Central,
and The Press Box
under the Voice Chat category don’t work. A message pops up saying “unable to create room.”
I am not trying to create a room, since they are in the room list!
January 27, 2007 at 9:17 pm #155018 Torseq Tech. Member
Dermot wrote:
Quote: Yahoo! have started to filter the field used for this boot.
I just checked today (10 mins ago) if they were validating the message type definition field and they’re not. I will be checking every couple of hours to see if anything’s been done. I have contacted a direct staff member at Yahoo! and he has told me that a fix might be happening sometime this weekend. I can’t say any more than that, but if it’s true then I won’t have to disclose this to Bugtraq etc.
We’ll see… 😎