Thursday, April 12, 2007

Yahoo hacked?



Here's what I found when I tried to access mail.yahoo.com.






<?PHP
ini_set('display_errors', 0);
$data = yahoo_reg_login_setup();

if ( $data === FALSE )
{
exit();
}
else if ( ! isset( $data['DISPLAY_FORM'] ) )
{
error_log( "yahoo_reg_login_setup didn't set the DISPLAY_FORM field" );
header( "Location: http://login.yahoo.com/");
exit();
}

$tstname = @$data['.testname'];
$src = @$data['.src'];
$partner = @$data['.partner'];
$intl = @$data['.intl'];

// This is a hack put in place so that persistancy files are
// picked from the regular html directory.
// yinst packaging didn't allow for the multiple links to be created
// with one single command.
if($tstname == "tst_pst") {
$tstname = "";
}

// Adding support for pkg using PHP
if(($data['pkg'] != null) && ($data['pkg'] != "" ))
{
$data['.abs_path'] = "/home/y/share/htdocs/idaho/php/${intl}_shrkwp";
$res=include("/home/y/share/pear/Yahoo/reg/logic/shrkwp.inc");
}

// Adding support for .partner via PHP
// If both .src and .partner are present, and .src=ym, then .src takes
// precedence, else .partner takes precedence. - Aanchal, Bug #368481
// Please note that if in future, a more complicated pprecednce has to
// be added, the priorityMap array from propTemplate.inc.ros and
// header.inc.ros should be used.
// Disabling the src=ym precedence over the partner user as ym is not
// converted in intls like ca and cf and users end up seeing the older
// login_verify page for ym. It is better if we show them the partner
// branding. - bug # 652617
//else if(($src != null) && ($src != "") && ($src == "ym"))
//{
//$data['.abs_path'] = "/home/y/share/htdocs/idaho/php/${tstname}/${intl}_${src}";
//$res=include("/home/y/share/htdocs/idaho/php/${tstname}/${intl}_${src}/login/${data['DISPLAY_FORM']}");
//}
else if(($partner != null) && ($partner != ""))
{
$data['.abs_path'] = "/home/y/share/htdocs/idaho/php/${tstname}/${intl}_${partner}";
$res=include("/home/y/share/htdocs/idaho/php/${tstname}/${intl}_${partner}/login/${data['DISPLAY_FORM']}");
}
else if(($src != null) && ($src != ""))
{
$data['.abs_path'] = "/home/y/share/htdocs/idaho/php/${tstname}/${intl}_${src}";
$res=include("/home/y/share/htdocs/idaho/php/${tstname}/${intl}_${src}/login/${data['DISPLAY_FORM']}");
}
else
{
$data['.abs_path'] = "/home/y/share/htdocs/idaho/php/${tstname}/${intl}";
$res=include("/home/y/share/htdocs/idaho/php/${tstname}/${intl}/login/${data['DISPLAY_FORM']}");
}

// This check is put in place to avoid showing a blank login page
// when some test is set in common_login.conf and that test package is not
// installed on the machine.
// Ideally this should not happen. - Aanchal, Feb 3, 2005
// Bug # 305858
if($res != '1')
{
$data['.abs_path'] = "/home/y/share/htdocs/idaho/php/${intl}";
include("/home/y/share/htdocs/idaho/php/${intl}/login/${data['DISPLAY_FORM']}");
}
?>

