Security Basics mailing list archives

Brute force risk in Exactseek.com
From: iKincideReceyaNik () yaHoo com
Date: 18 Jan 2006 15:58:05 -0000

"ExactSeek.com is a meta tag search engine and web directory, featuring over 3 million free, enhanced and paid site 
listings."

It has a brute force risk in its member panel for the web sites.

With the help of this risk, an attacker may find the password and member ID and can change the information about the 
victim's account.

The member ID string is 7 characters long and consists only of numbers. The password string is 6 characters long and 
consists of numbers and letters, and the password cannot be changed by the user.

Brief example:

URL : http://www.exactseek.com/cgi-bin/member.cgi?m=[MemberID]&p=[PassWorD]
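
A defender-side view of the login URL above, added here as an example and not part of the original post: it scans an access log for clients that try many passwords against one member ID or walk through many member IDs. It assumes the server writes the request line to a common-format access log; the thresholds, function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+"')

def _line(ip, member, pw):
    # Builds one constructed access-log line (common log format).
    return (f'{ip} - - [18/Jan/2006:15:00:00 +0000] '
            f'"GET /cgi-bin/member.cgi?m={member}&p={pw} HTTP/1.0" 200 512')

# Constructed sample log; client addresses are documentation ranges.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "1234567", f"aaaa{i:02d}") for i in range(5)]  # 1 ID, 5 passwords
    + [_line("198.51.100.9", f"765432{i}", "abc123") for i in range(4)]  # 4 IDs, 1 password
    + [_line("192.0.2.10", "7654321", "zx81qp")] * 2                     # ordinary repeat login
)

def parse(line):
    """Return (client_ip, member_id, password) for a member.cgi login hit, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group(2))
    query = parse_qs(url.query)
    if not url.path.endswith("/member.cgi") or "m" not in query or "p" not in query:
        return None
    return m.group(1), query["m"][0], query["p"][0]

def find_guessing(log_text, max_passwords=3, max_ids=3):
    """Flag clients that try many passwords for one member ID, or many member IDs."""
    passwords = defaultdict(set)   # (ip, member_id) -> distinct passwords tried
    member_ids = defaultdict(set)  # ip -> distinct member IDs tried
    for line in log_text.splitlines():
        hit = parse(line)
        if hit is None:
            continue
        ip, member, pw = hit
        passwords[(ip, member)].add(pw)
        member_ids[ip].add(member)
    alerts = [("password-guessing", ip, member, len(pws))  # counts only, never the values
              for (ip, member), pws in passwords.items() if len(pws) > max_passwords]
    alerts += [("id-enumeration", ip, "*", len(ids))
               for ip, ids in member_ids.items() if len(ids) > max_ids]
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_guessing(SAMPLE_LOG):
        print(alert)
```

The same counters can drive rate limiting or lockout at the application; moving the credentials out of the query string keeps them out of the log in the first place.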

