| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6f4bb0b50901261612m429a88e3qfa6d9ae563636aa@mail.gmail.com> Date: Mon, 26 Jan 2009 19:12:33 -0500 From: ghost <ghosts@...il.com> To: Tribal MP <tribalmp@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: NO-IP service Flaw Posts like these are just as bad as n3td3v posts. Here's an idea, learn security, then come back with something interesting. kthnx On Mon, Jan 26, 2009 at 10:47 AM, Tribal MP <tribalmp@...il.com> wrote: > A flaw exists in NO-IP service while updating the status. The problem > reside in the URL and corresponding variables because they are send in > plain text. > > By monitoring HTTP traffic in a machine using NO-IP DUC it's possible > to intercept the username, password and subdomain for the account. > > Example: > http://dynupdate.no-ip.com/ducupdate.php?username=email@email.com&pass=123456789&h[]=subdomain.no-ip.biz > > > Fabio Pinheiro > http://dicas3000.blogspot.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists