Full Disclosure mailing list archives
iName/Mail.com security holes opens door to millions of e-mail accounts
From: full-disclosure () lists netsys com (Colt Peacemaker)
Date: Fri, 30 Aug 2002 05:46:37 +0000
AGT (Andrew G. Tereschenko) writes:
AGT> It takes for me 6 minutes to invent another example of this bug.
AGT> Not a 100% result, expected ~30%.
AGT> It's an extremly easy to cut navigation items from down of page
AGT> by using unclosed comments.
AGT> Inserting own (linked to evil host) is a one minute task.
Heh. Posting on full-disclosure seems to have set the cat among the
pigeons there ...
AFAICT they seem to have disabled a lot of other stuff over the last 12
hours or so (javascript for example).
--cp
--
Colt Peacemaker (colt45 () sdf lonestar org)
Current thread:
- iName/Mail.com security holes opens door to millions of e-mail accounts Andrew G. Tereschenko (Aug 28)
- iName/Mail.com security holes opens door to millions of e-mail accounts Colt Peacemaker (Aug 29)
- iName/Mail.com security holes opens door to millions of e-mail accounts Andrew G. Tereschenko (Aug 29)
- iName/Mail.com security holes opens door to millions of e-mail accounts Colt Peacemaker (Aug 29)
- iName/Mail.com security holes opens door to millions of e-mail accounts Andrew G. Tereschenko (Aug 30)
- iName/Mail.com security holes opens door to millions of e-mail accounts Andrew G. Tereschenko (Aug 29)
- iName/Mail.com security holes opens door to millions of e-mail accounts Colt Peacemaker (Aug 29)
- iName/Mail.com security holes opens door to millions of e-mail accounts Berend-Jan Wever (Aug 31)