Home page logo

bugtraq logo Bugtraq mailing list archives

Excite Email Disclosure Vulnerability
From: Jan Schaumann <jschauma () netmeister org>
Date: Mon, 18 Mar 2002 18:01:36 -0500

Hello all,

It appears that Excite's use of PHP allows for unauthorized access to a
users mailbox and subsequently his/her account on email.excite.com

Suppose a user receives an E-Mail with a URL and follows the link - the
target server receives a Referer String containing the PHPSESSION-Id
for example).

Copy and paste this into your browser and you have access to that users

I emailed Excite about this on March 9th, but didn't get any response.
A proposed solution for Excite would be to use cookies or to use PHP in
such a manner that it does not transmit the session-id on each link.


finger jschauma () netmeister org
Please do not CC me when replying to messages on a Mailing List.
See Mail-Followup-To header (above) and

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]