Security Basics mailing list archives
Brute force risk in Exactseek.com
From: iKincideReceyaNik () yaHoo com
Date: 18 Jan 2006 15:58:05 -0000

"ExactSeek.com is a meta tag search engine and web directory, featuring over 3 million free, enhanced and paid site listings." has a brute force risk in its member panel for the web sites. With the help of this risk, an attacker may find the password and member ID and can change the information about the victim's account. The member ID string is 7 characters long and consists only of numbers. The password string is 6 characters long and consists of numbers and letters, and the password cannot be changed by the user.

Brief example:

URL: http://www.exactseek.com/cgi-bin/member.cgi?m=[MemberID]&p=[PassWorD]
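A defender-side check for the pattern the post describes, as an added example that is not part of the original post: since the member ID and password travel in the query string of member.cgi, an access log that records the request line shows every attempt, and distinct guesses can be counted per client and per member ID. The common log format, the sample lines, the IP addresses, the threshold and the function name are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format (documentation IP ranges, made-up values).
_LINE = '{ip} - - [18/Jan/2006:15:00:00 +0000] "GET {target} HTTP/1.0" 200 512'
_HITS = [("198.51.100.7", "/cgi-bin/member.cgi?m=1234567&p=aaaaa%d" % i) for i in range(1, 5)]
_HITS += [
    ("192.0.2.44", "/cgi-bin/member.cgi?m=1234567&p=aaaaa5"),
    ("203.0.113.9", "/cgi-bin/member.cgi?m=7654321&p=zx81qq"),
    ("203.0.113.9", "/cgi-bin/member.cgi?m=7654321&p=zx81qq"),  # same login repeated
    ("203.0.113.9", "/index.html"),                              # unrelated request
]
SAMPLE_LOG = "\n".join(_LINE.format(ip=ip, target=t) for ip, t in _HITS)

# Client address and request target of a GET request line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+"')

def flag_guessing(log_text, path="/cgi-bin/member.cgi", threshold=3):
    """Return (by_source, by_member): counts of distinct guesses above threshold."""
    by_source, by_member = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue
        ip, target = match.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        query = parse_qs(url.query)
        member, password = query.get("m", [""])[0], query.get("p", [""])[0]
        if not (member and password):
            continue
        by_source[ip].add((member, password))  # many distinct pairs from one client
        by_member[member].add(password)        # many passwords for one ID, any client
    over = lambda table: {k: len(v) for k, v in table.items() if len(v) > threshold}
    return over(by_source), over(by_member)

if __name__ == "__main__":
    print(flag_guessing(SAMPLE_LOG))
```

Counting per member ID as well as per client catches guesses spread across several source addresses, which a per-client limit alone would miss.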