Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Danny Ricci (dannydricci.com)
Date: Fri Jan 04 2002 - 14:37:37 CST
I have discovered a serious flaw in the Nick.com Children's TV Site's
Information: Nick.com is a website for Kids whom watch the Nickelodeon
cable channel. They offer a message board area that's moderated heavily
to try to make it one of the safest areas on the net.
Vulnerability: When you create a user and log in to their message board
forum selection and main content inside. This doesn't work too well with
window resizing/scrolling in Mac OS X (my OS of choice) so I chose to
problem, but reviled a major flaw in their user identification system.
The URL is formed like this:
Handle means the Username of the poster. "intgroup" is the Forum/Message
ID. You can change the "handle" part of the URL to _ANY_ name, including
already registered names. You then can post as any username. However,
all messages take up to 24 hours to be "approved," but if the message is
"clean," it usually will be approved, even if the name is fake. This
popup to probably cover this flaw.
I have contacted the webmaster and the domain's whois contact (which
bounced back). Today the site announced a fix which would take place
Fix: Nick.com forum moderators have confirmed they will be switching to
a new message board system this coming Monday, and leaving all former
data behind. This appears to be due to the problem I discovered, however
I was never contacted directly to confirm this.