lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 26 Jan 2009 19:12:33 -0500
From: ghost <ghosts@...il.com>
To: Tribal MP <tribalmp@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: NO-IP service Flaw

Posts like these are just as bad as n3td3v posts. Here's an idea,
learn security, then come back with something interesting.

kthnx


On Mon, Jan 26, 2009 at 10:47 AM, Tribal MP <tribalmp@...il.com> wrote:
> A flaw exists in NO-IP service while updating the status. The problem
> reside in the URL and corresponding variables because they are send in
> plain text.
>
> By monitoring HTTP traffic in a machine using NO-IP DUC it's possible
> to intercept the username, password and subdomain for the account.
>
> Example:
> http://dynupdate.no-ip.com/ducupdate.php?username=email@email.com&pass=123456789&h[]=subdomain.no-ip.biz
>
>
> Fabio Pinheiro
> http://dicas3000.blogspot.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ