| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <983112590909100614h7e38fdb0kcc6d61f391d311f0@mail.gmail.com>
Date: Thu, 10 Sep 2009 18:44:46 +0530
From: kalyan <kalyanakumar1985@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Plain Text Password Disclosure vulnerability in
rediff mail
Dear all
is it a good mail?what do you feel guys?.It doesn't encrypting your
passwords
POST /cgi-bin/login.cgi HTTP/1.1
Host: mail.rediff.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3)
Gecko/20090824 Firefox/3.5.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.rediff.com/
Cookie: RuW=1252586041360329; RsW=IND;
RLOC=%5F%5FeZMqPfDceMg%5F%5F4P6Xdf5DkD2%5F%5FtHonjGX8AnI%5F%5Find%5F%5F;
Rt=%3D%3DAMwAjN3czN; accounttype=77;
Rp=g%3D2%26a%3D24%26c%3D08%26s%3D29%26cn%3D099%26z%3D123456%26p%3D034%26e%3D05%26d%3D_04%26i%3D_35_%26dor%3D20060220%26mi%3D3;
RMID=7c7dc92f4aa8f200; RMFS=011MljEWU107fl; app_lang=; ckey=70795
Content-Type: application/x-www-form-urlencoded
Content-Length: 63
login=evil.devil&passwd=*devil.evil*&remember=1&FormName=existing
Regards
Kalyan
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists