erm i dont know if this is a tried and tested exploit but heres something i stumbled accross.
I am trying to make a yahoo messenger program for my project and whilst researching how Yahoo authenticates its users i noticed that as the authentication is sent via http without encryption and that if you search using a crawler for part of that string all sorts of proxy server stats pages pop up showing the mostly viseted pages ... and the logon names and passwords for many yahoo users.
Im probably sayin something very old and boring or you cant even understand what i am trying to say but has anyone else noticed this?