Re: Excite in web mail hijack drama

[InfoSec News <isn () c4i org>]

Forwarded from: Aj Effin Reznor <aj () reznor com>

"InfoSec News was known to say....."
 
> http://www.vnunet.com/News/1130317
>
> By James Middleton [21-03-2002]
>
> Security watchers have identified a vulnerability in the web mail
> service of internet portal Excite that allows for the hijacking of a
> user's account.
>
> According to the experts, when a user logs in to their account through
> Excite's web interface, the session is authenticated by a unique URL.
>
> By sending an HTML email which includes an image based on another
> server to the victim, an attacker can easily get the unique URL from
> the referrer field in the HTTP header.

This is hardly news, other than the size of impact that may be
realized since this is Excite.

I posted an almost identical advisory Oct. 30th 2001 to BugTraq,
only it was in http://community.sierra.com/

I suspect many, many sites and software packages are open to this type
of vulnerability, people just need to look for them.

It's easy, it's simple, and it's there.

My original posting is at:
http://online.securityfocus.com/archive/1/223799


-aj.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.