mailing list archives
[INetCop Security Advisory] ++Danger++ Outblaze Web based e-mail that is exposed in very dangerous state !!!
From: "dong-h0un U" <xploit () hackermail com>
Date: Wed, 19 Mar 2003 23:46:50 +0800
INetCop Security Advisory #2003-0x82-014.c
* Title: ++Danger++ Outblaze Web based e-mail that is exposed in very dangerous state !!!
Outblaze Web based e-mail is used solution worldwide.
Our INetCop Security in Outblaze Web based e-mail solution
user fatal vulnerability that can get other user's password find.
0x02. Vulnerable Sites
Vendor site: ? http://www.outblaze.com (Desire to visit.)
Exploit can succeed manufacturing user's cookie.
1. First, read user's cookie.
2. Change mail id, domain, etc... cookie informations.
3. Send changed informations to mail server.
If apply this method, can hack page that change user's information.
Also, can get relevant user password hint's answer.
Outblaze solution informs password when user lost password conveniently. But, this is weakness.
This method is possibility that attack other user account that use password that cracker is like.
We notified this truth to Outblaze Web based e-mail solution before.
Soon is going to become patch.
P.S: Sorry, for my poor english.
By "dong-houn yoU" (Xpl017Elz), in INetCop(c) Security.
MSN & E-mail: szoahc(at)hotmail(dot)com,
INetCop Security Home: http://www.inetcop.org (Korean hacking game)
My World: http://x82.i21c.net & http://x82.inetcop.org
GPG public key: http://x82.inetcop.org/h0me/pr0file/x82.k3y
Get your free email from http://www.hackermail.com
Powered by Outblaze
- [INetCop Security Advisory] ++Danger++ Outblaze Web based e-mail that is exposed in very dangerous state !!! dong-h0un U (Mar 19)