Bugtraq mailing list archives
Re: BT/Cellnet Genie vulnerability
From: james () CLOUD9 CO UK (James Fidell)
Date: Wed, 15 Sep 1999 09:43:38 +0100
I wrote:
The webmail service from BT Cellnet's Genie site appears have a vulnerability which allows any user to read messages irrespective of their intended recipient. Once logged in, other messages can be retrieved by merely changing the message-id in the URL for your own messages.
Engaging brain and writing this a little more clearly... The Web server logs all SMS messages sent from the site to a mobile phone. The log is displayed once a Genie user has sean SMS message, which requires authentication. By selecting a message sent by themselves, it's then possible to modify the URL used to retrieve your own message to read other messages sent via the service. James. -- "Yield to temptation -- | Consultancy: james () cloud9 co uk it may not pass your way again" | http://www.cloud9.co.uk/james | - Lazarus Long | James Fidell
Current thread:
- BT/Cellnet Genie vulnerability James Fidell (Sep 15)
- Re: BT/Cellnet Genie vulnerability James Fidell (Sep 15)
- Vulnerability in dtaction on Digital Unix Zack Hubert (Sep 16)
- Re: Vulnerability in dtaction on Digital Unix Eric Gatenby (Sep 16)
- Nmap and Cisco Dos, clarification -- Lancashire, Andrew (Sep 22)
- Re: Nmap and Cisco Dos, clarification -- Darren Reed (Sep 23)
- LD_PROFILE local root exploit for solaris 2.6 Steve Mynott (Sep 22)
- Re: LD_PROFILE local root exploit for solaris 2.6 Brock Sides (Sep 23)
- Re: LD_PROFILE local root exploit for solaris 2.6 Erik Fichtner (Sep 23)
- Announcing Second Annual TooRcon Computer Security Expo Ben (Sep 25)
- Re: Vulnerability in dtaction on Digital Unix Eric Gatenby (Sep 16)
- Re: LD_PROFILE local root exploit for solaris 2.6 Casper Dik (Sep 24)
- Re: LD_PROFILE local root exploit for solaris 2.6 Eric Daniel (Sep 28)