Full Disclosure mailing list archives

WWW.EEM.PT - Consultation Request Encoding Flaw

From: Hacxx Under <hacxx20 () gmail com>
Date: Tue, 11 Oct 2011 15:08:45 +0100

A flaw exists in WWW.EEM.PT Consultation Request. The Consultation
Request is used for client notification aswell as client registration.

URL: http://eemnet.eem.pt/DesktopDefault.aspx?context=search_requests

Alphanumeric example: LL54949

In the example the request is 54949 and the two random letters are LL.
Since the two random letters is the password, there are only 729
possible combinations...

-----
Last Disclosure on my behalf - HACXX

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

WWW.EEM.PT - Consultation Request Encoding Flaw Hacxx Under (Oct 11)