Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Andrew G. Tereschenko (secure.bugtraq_at_tag.odessa.ua)
Date: Fri Aug 30 2002 - 06:54:12 CDT
----- Original Message -----
From: "Colt Peacemaker" <colt45sdf.lonestar.org>
Sent: Friday, August 30, 2002 8:46 AM
> Heh. Posting on full-disclosure seems to have set the cat among the
> pigeons there ...
> AFAICT they seem to have disabled a lot of other stuff over the last 12
Disagree. They was unable to completely fix HTML attachment bug.
Mail.com has all bugs discovered in other free email systems for last 2-3 years.
in onSubmit event
Mail.com has changed /scripts/common/profile.cgi script. (finaly !!).
But i still think that it's possible to get session cookies and use them for evil purpose.
I give ~15 hours to Mail.com to find solution and will
update my example email if they will fail.
Not a complete solution.
-- Andrew G. Tereschenko TAG Software Research Lab Odessa, Ukraine
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html