Holes in "2037 Gestion Liens Alpha"

From: Frog Man (leseulfrogat_private)
Date: Sat Feb 09 2002 - 05:20:42 PST

Next message: b_1995: "Re: chaging your @home IP address... could you take a bunch of them....probably... could you get something from it...maybe"

Previous message: Crist J. Clark: "Re: Comcast man-in-the-middle attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The first hole allows to acceder in the admin links menu.
For that purpose, it is enough to send a cookie with the name " cliens " and 
the value " admin_access " on the page 
www.host.com/links2037filename?fct=admin&idmpdv=Administrez .

The second allows to by-pass the security against crack.
Normally, 3 login attempts are allowed. But with the url 
www.host.com/links2037filename?fct=log&hacker=-1000 , 1003 login attemps are 
allowed.

2037links has been alerted.
More details in french :
http://www.bal-team.t2u.com/Tuts/liens2037.txt

frog-m@n



_________________________________________________________________
Téléchargez MSN Explorer gratuitement à l'adresse 
http://explorer.msn.fr/intl.asp.

Next message: b_1995: "Re: chaging your @home IP address... could you take a bunch of them....probably... could you get something from it...maybe"
Previous message: Crist J. Clark: "Re: Comcast man-in-the-middle attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Feb 09 2002 - 09:12:53 PST