Can anyone think off the top of their heads why I wouldn't be able to log in to my Yahoo! account with a script? I would think it would be as simple as submitting all of the form variables on mail.yahoo.com to wherever the form submits to (https://login.yahoo.com/config/login?)?
There are a TON of hidden inputs, so I submitted those as well. Here is the query string below (minus my login details, of course).
curl_setopt($ch, CURLOPT_POSTFIELDS,".tries=1&.src=flkctx&.md5=&.hash=&.js=&.last=&promo=&.intl=us&.bypass=&.partner=&.u=c8hl7hp2f8s88&.v=0.challenge=xBWBMl.t7XcnPE3HY2yDb0HhWBUF&.yplus=&.emailCode=&pkg=&stepid=&.ev=&hasMsgr=0&.chkP=Y&.done=https://login.yahoo.com/config/validate?.src=flkctx&.pc=5134&.done=http%3A%2F%2Fwww.flickr.com%2Fsignin%2Fyahoo%2F&.pd=flkctx_ver%3d0&login=&passwd=&.persistent=y");
Anyone have any ideas?
Once upon a time, PHP didn't care whether values were submitted by query string or HTTP body; they were all accessible regardless. This proved to be a vulnerability, so well-written code will now not accept query string values if it is not expecting them.
It's possible that Yahoo! don't want third-party scripts to be able to log in to their site, so they could make it very tricky for you to get what you want from your Yahoo! account unless you just log in the normal way.
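An added example, not part of the posts above and not Yahoo!'s code, of the server-side behaviour the reply describes: a PHP login handler that accepts credentials only from the POST body and rejects them if they arrive in the query string. The field names login and passwd come from the first post; the function name and the sample requests are hypothetical.

```php
<?php
// Added example: read credentials only from the request body.
// In a real handler, call read_login_fields($_SERVER, $_GET, $_POST).

/**
 * Returns [login, passwd], or throws if the credentials did not arrive
 * in the body of a POST request.
 */
function read_login_fields(array $server, array $get, array $post): array
{
    $fields = ['login', 'passwd'];

    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        throw new RuntimeException('login must be sent with POST');
    }
    foreach ($fields as $name) {
        // A credential in the URL ends up in access logs, browser history and
        // Referer headers, so reject the request rather than silently use it.
        if (array_key_exists($name, $get)) {
            throw new RuntimeException("$name must not be in the query string");
        }
        if (!isset($post[$name]) || !is_string($post[$name]) || $post[$name] === '') {
            throw new RuntimeException("$name missing from the request body");
        }
    }
    return [$post['login'], $post['passwd']];
}

// Constructed sample requests, standing in for $_SERVER, $_GET and $_POST.
$samples = [
    'body only'    => [['REQUEST_METHOD' => 'POST'], [], ['login' => 'alice', 'passwd' => 'example-pw']],
    'query string' => [['REQUEST_METHOD' => 'GET'], ['login' => 'alice', 'passwd' => 'example-pw'], []],
    'mixed'        => [['REQUEST_METHOD' => 'POST'], ['passwd' => 'example-pw'], ['login' => 'alice']],
];

foreach ($samples as $label => [$server, $get, $post]) {
    try {
        [$login] = read_login_fields($server, $get, $post);
        echo "$label: accepted login for $login\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected (" . $e->getMessage() . ")\n";
    }
}
```

Reading from $_REQUEST instead would merge both sources again, which is the older behaviour the reply refers to.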