Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

isn logo Information Security News mailing list archives

Excite in web mail hijack drama
From: InfoSec News <isn () c4i org>
Date: Fri, 22 Mar 2002 02:04:22 -0600 (CST)
http://www.vnunet.com/News/1130317

By James Middleton [21-03-2002]

Security watchers have identified a vulnerability in the web mail
service of internet portal Excite that allows for the hijacking of a
user's account.

According to the experts, when a user logs in to their account through
Excite's web interface, the session is authenticated by a unique URL.

By sending an HTML email which includes an image based on another
server to the victim, an attacker can easily get the unique URL from
the referrer field in the HTTP header.

Simply pasting this into a web browser would drop the attacker
straight into the victim's mailbox with complete control of the
account.

The exploit has been discussed to some degree on security mailing list
Bugtraq, and Eyeonsecurity.net has even published a demonstration of
the attack. Excite has been notified but has not yet responded.

By way of combating the threat, Eyeonsecurity recommends using secure
mode in the browser (HTTPS) to access Excite web mail. This prevents
the referrer URL from being sent out.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

  By Date           By Thread  

Current thread:
  • Excite in web mail hijack drama InfoSec News (Mar 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]