Full Disclosure mailing list archives
WWW.EEM.PT - Consultation Request Encoding Flaw
From: Hacxx Under <hacxx20 () gmail com>
Date: Tue, 11 Oct 2011 15:08:45 +0100
A flaw exists in WWW.EEM.PT Consultation Request. The Consultation Request is used for client notification aswell as client registration. URL: http://eemnet.eem.pt/DesktopDefault.aspx?context=search_requests Alphanumeric example: LL54949 In the example the request is 54949 and the two random letters are LL. Since the two random letters is the password, there are only 729 possible combinations... ----- Last Disclosure on my behalf - HACXX _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- WWW.EEM.PT - Consultation Request Encoding Flaw Hacxx Under (Oct 11)