lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031024105621.28792.qmail@sf-www2-symnsj.securityfocus.com>
Date: 24 Oct 2003 10:56:21 -0000
From: Zrekam <zrekam@...systems.com>
To: bugtraq@...urityfocus.com
Subject: SiteKiosk terminal software




I have found a bug/weakness in the SiteKiosk terminal software, that allows me to use the terminal without paying for the use of it. 

The weakness lays in the rule based system that sets the different charge zones in the terminal. The system allows you to use asterixs(*) in the rules for setting up theese zones, for example you can set:
http://www.cnn.com -> Charge 0,5€ minute
http://*.news.com -> Charge 0,2€ minute( setting * infront of domain allows users to go to www.news.com, www2.news.com and so on allows all hosts to that domain. )

Still yet you have to pay for it anyhow. 

But when you go to your shopping mall, burger king or whatever place that got this terminal, they have always set up a free zone for the current place you are in. for example they set this when you are at burger king:
http://www.burgerking.* --> Charge = free of cost. this means that all burgerking pages will be free, like www.burgerking.com and www.burgerking.com/burger.php?id=32 will all be free pages to visit with the terminal software, because of the zone rules in the burger king restaurant. 

To freely surf at all this places you only have to set up a Wildcarding DNS addressing on a domain you own, you can for example use DNS2Go to set up this on your domain.

Ok, I have bought myself the domain freeterminalsurf.com and set it up with DNS2Go software with DNS wildcarding, which means that I can type whatever I want in front of my domain. like: i.can.surf.freeterminalsurf.com 

all addresses in front of my domain will now point to my ip-address.

So at burger king you can type:  
www.burgerking.com.freeterminalsurf.com and surf free of charge on that address. So what you do is set up a webproxy like anonymizer or safeweb on your server, and this will allow you to surf free of charge at every sitekiosk terminal you find.

Affected systems:
All SiteKiosk versions.

Sincerely,
Zrekam


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ