Excite Email Disclosure Vulnerability

From: Jan Schaumann (jschaumaat_private)
Date: Mon Mar 18 2002 - 15:01:36 PST

    Hello all,
    
    It appears that Excite's use of PHP allows for unauthorized access to a
    user's mailbox and subsequently his/her account on email.excite.com
    
    Suppose a user receives an E-Mail with a URL and follows the link - the
    target server receives a Referer String containing the PHPSESSION-Id
    (http://e19.email.excite.com/msg_read.php?t=0&m=0&s=1&d=1&mid=157&PHPSESSID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    for example).
    
    Copy and paste this into your browser and you have access to that user's
    mailbox.
    
    I emailed Excite about this on March 9th, but didn't get any response.
    A proposed solution for Excite would be to use cookies or to use PHP in
    such a manner that it does not transmit the session-id on each link.
    
    -Jan
    
    -- 
    finger jschaumaat_private
    Please do not CC me when replying to messages on a Mailing List.
    See Mail-Followup-To header (above) and
    http://www.google.com/search?q=Mail-Followup-To+Header
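The fix Jan proposes (keep the session id in a cookie and stop PHP from appending it to every link) maps onto a handful of PHP session directives. The block below is an added example and is not code from the post or from Excite; the directive names are real php.ini settings, while the chosen values, the helper functions and the logging are assumptions for illustration. The `session.cookie_samesite` directive only exists in PHP 7.3 and later; the original report predates it.

```php
<?php
// Added example, not code from the post or from Excite: PHP session settings
// that implement the proposed fix (session id carried in a cookie only, never
// rewritten into links, so it cannot end up in a Referer header).
// Directive names are real php.ini settings; values and helpers are assumptions.

// The weak configuration that yields links like msg_read.php?...&PHPSESSID=...
// (php.ini lines shown in a comment; do not use):
//   session.use_trans_sid    = 1   ; rewrite every link/form to append PHPSESSID
//   session.use_only_cookies = 0   ; also accept PHPSESSID from the query string

function harden_session_config(): void
{
    ini_set('session.use_cookies', '1');        // carry the id in a cookie
    ini_set('session.use_only_cookies', '1');   // ignore ids arriving in URL or POST
    ini_set('session.use_trans_sid', '0');      // never rewrite links to add the id
    ini_set('session.cookie_httponly', '1');    // cookie not readable from JavaScript
    ini_set('session.cookie_secure', '1');      // cookie sent over HTTPS only
    ini_set('session.cookie_samesite', 'Lax');  // PHP 7.3+; unknown on older builds
}

// Defensive check: true when a session id still reached the server through the
// query string, e.g. from an old bookmarked or forwarded link. With
// use_only_cookies=1 it is not used for the session lookup, but its presence is
// worth logging, and the id is rotated so a copied link never names a live session.
function session_id_in_query(array $query): bool
{
    return isset($query[session_name()]);
}

function start_hardened_session(): void
{
    harden_session_config();
    session_start();
    if (session_id_in_query($_GET)) {
        error_log('session id received in URL; rotating session id');
        session_regenerate_id(true);  // issue a new id and destroy the old one
    }
    // Keep this page's own URL out of the logs of any site a mail link points to.
    header('Referrer-Policy: no-referrer');
}

start_hardened_session();
```

`harden_session_config()` has to run before `session_start()`, since the session module reads these directives when the session is opened. The `Referrer-Policy` header is a second layer: even if some sensitive value still sits in the query string, the browser will not send the URL as a Referer when the user follows a link out of the mailbox.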
    



    This archive was generated by hypermail 2b30 : Tue Mar 19 2002 - 15:30:21 PST