Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: HAPPY BIRTHDAY: Yahoo & AmericanGreetings.com
From: Ill will <xillwillx () gmail com>
Date: Mon, 22 Nov 2004 19:47:59 -0500

good its my birthday , send me something good



On Mon, 22 Nov 2004 16:17:43 -0500, rp <lists () domain-logic com> wrote:
At 02:02 PM 11/22/2004, you wrote:
<snip>this is not really the case if you know where to look. Also quite
clearly, the $$$ signs blinded those creating the operation because with
30 seconds of time [and that would be Rolex time !], 10-14 variables and
once constant can be changed to allow access, editing and sending of any
one of the 8000 premium cards. Like it says on the site:

"Get access to every eCard - choose from over 8000!"

You better believe it !
Yes, ridiculous.
Instead of adjusting the hidden elements of the form and posting (which
works too)
you can simply adjust the 1 variable in the url for the same effect.

It really does take the joy out of throttling a Turkey.

Anyone want to send that webmaster a sound bite of Donald Trump's 1 liner?

rp



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



-- 
- illwill
http://illmob.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault