Excite Email Disclosure Vulnerability
From: Jan Schaumann <jschauma () netmeister org>
Date: Mon, 18 Mar 2002 18:01:36 -0500
It appears that Excite's use of PHP allows for unauthorized access to a
user's mailbox and subsequently his/her account on email.excite.com.
Suppose a user receives an E-Mail with a URL and follows the link - the
target server receives a Referer String containing the PHPSESSION-Id
Copy and paste this into your browser and you have access to that user's
I emailed Excite about this on March 9th, but didn't get any response.
such a manner that it does not transmit the session-id on each link.
finger jschauma () netmeister org
Please do not CC me when replying to messages on a Mailing List.
See Mail-Followup-To header (above) and
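The leak described in this message leaves a trace in access logs on both sides: a session id carried in a page URL appears in the Referer field of any site the user visits from that page. The Python sketch below is an added example, not part of the original post; it scans combined-format log lines for session parameters in the request target or Referer and redacts the value. The parameter names (PHPSESSID is PHP's default session name), hosts and log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: query parameter names that carry a session id. PHPSESSID is
# PHP's default session name; the other two are illustrative guesses.
SESSION_PARAMS = {"phpsessid", "sid", "sessionid"}

# Apache/nginx "combined" format: ... "METHOD target PROTO" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<head>\S+ \S+ \S+ \[[^\]]+\] "\S+ )(?P<target>\S+)'
    r'(?P<mid> [^"]*" \d{3} \S+ ")(?P<referer>[^"]*)(?P<tail>" "[^"]*")$'
)

def redact_url(url):
    """Return (url with session values replaced, names of the redacted params)."""
    parts = urlsplit(url)
    hits, query = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SESSION_PARAMS:
            hits.append(key)
            value = "REDACTED"
        query.append((key, value))
    if not hits:
        return url, []
    return urlunsplit(parts._replace(query=urlencode(query))), hits

def audit_line(line):
    """Return (redacted line, findings); each finding is (field, parameter)."""
    m = COMBINED.match(line)
    if m is None:
        return line, []  # not combined format: leave untouched
    findings, fields = [], {}
    for field in ("target", "referer"):
        fields[field], hits = redact_url(m.group(field))
        findings += [(field, name) for name in hits]
    return (m.group("head") + fields["target"] + m.group("mid")
            + fields["referer"] + m.group("tail")), findings

# Constructed sample lines (example hosts and a made-up session value).
SAMPLE = [
    '192.0.2.10 - - [18/Mar/2002:18:01:36 -0500] "GET /page.html HTTP/1.0" 200 512 '
    '"http://mail.example/read.php?msg=4&PHPSESSID=0123456789abcdef" "Mozilla/4.0"',
    '192.0.2.11 - - [18/Mar/2002:18:02:00 -0500] "GET /index.html HTTP/1.0" 200 900 '
    '"-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit_line(entry))
```

A finding in the `target` field of a mail server's own log means the application is putting the session id in its URLs; a finding in `referer` on any other server means a token from someone else's site has been received and should not be stored in clear.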