Bugtraq mailing list archives

BT/Cellnet Genie vulnerability

From: james () CLOUD9 CO UK (James Fidell)
Date: Wed, 15 Sep 1999 08:57:54 +0100


The webmail service from BT Cellnet's Genie site appears have a vulnerability
which allows any user to read messages irrespective of their intended
recipient.  Once logged in, other messages can be retrieved by merely
changing the message-id in the URL for your own messages.

James.

--
 "Yield to temptation --             | Consultancy: james () cloud9 co uk
  it may not pass your way again"    | http://www.cloud9.co.uk/james
                                     |
        - Lazarus Long               |              James Fidell

Current thread:

BT/Cellnet Genie vulnerability James Fidell (Sep 15)
- Re: BT/Cellnet Genie vulnerability James Fidell (Sep 15)
- Vulnerability in dtaction on Digital Unix Zack Hubert (Sep 16)
  - Re: Vulnerability in dtaction on Digital Unix Eric Gatenby (Sep 16)
    - Nmap and Cisco Dos, clarification -- Lancashire, Andrew (Sep 22)
    - Re: Nmap and Cisco Dos, clarification -- Darren Reed (Sep 23)
    - LD_PROFILE local root exploit for solaris 2.6 Steve Mynott (Sep 22)
    - Re: LD_PROFILE local root exploit for solaris 2.6 Brock Sides (Sep 23)
    - Re: LD_PROFILE local root exploit for solaris 2.6 Erik Fichtner (Sep 23)
    - Announcing Second Annual TooRcon Computer Security Expo Ben (Sep 25)
    - Re: LD_PROFILE local root exploit for solaris 2.6 Casper Dik (Sep 24)

(Thread continues...)