SiteKiosk terminal software
- To: bugtraq@securityfocus.com
- Subject: SiteKiosk terminal software
- From: Zrekam <zrekam@badsystems.com>
- Date: 24 Oct 2003 10:56:21 -0000
I have found a bug/weakness in the SiteKiosk terminal software that allows me
to use the terminal without paying for the use of it.
The weakness lies in the rule-based system that sets the different charge zones
in the terminal. The system allows you to use asterisks (*) in the rules for
setting up these zones; for example, you can set:
http://www.cnn.com -> Charge 0,5? minute
http://*.news.com -> Charge 0,2? minute (setting * in front of the domain allows
users to go to www.news.com, www2.news.com and so on; it allows all hosts in that
domain.)
You still have to pay for it anyhow.
But when you go to your shopping mall, Burger King or whatever place has
this terminal, they have always set up a free zone for the place you
are in. For example, they set this when you are at Burger King:
http://www.burgerking.* --> Charge = free of cost. This means that all
burgerking pages will be free; www.burgerking.com and
www.burgerking.com/burger.php?id=32 will both be free pages to visit with the
terminal software, because of the zone rules in the Burger King restaurant.
To surf freely at all these places you only have to set up wildcard DNS
addressing on a domain you own; you can, for example, use DNS2Go to set this up
on your domain.
OK, I have bought myself the domain freeterminalsurf.com and set it up with
the DNS2Go software with DNS wildcarding, which means that I can type whatever I
want in front of my domain, like: i.can.surf.freeterminalsurf.com
All addresses in front of my domain will now point to my IP address.
So at Burger King you can type:
www.burgerking.com.freeterminalsurf.com and surf free of charge on that
address. So what you do is set up a web proxy like Anonymizer or SafeWeb on your
server, and this will allow you to surf free of charge at every SiteKiosk
terminal you find.
Affected systems:
All SiteKiosk versions.
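
Added example (not part of the original post, and not SiteKiosk code): a sketch of why a rule with a trailing wildcard treats the post's look-alike host as free, next to a check that parses the URL and anchors the comparison at the right-hand end of the host, plus a small audit for such rules. The glob semantics and the names naive_is_free, strict_is_free, rule_is_unanchored, FREE_HOSTS and FREE_SUFFIXES are assumptions made for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Rules as quoted in the post (charges omitted).
RULES = ["http://www.cnn.com", "http://*.news.com", "http://www.burgerking.*"]
FREE_ZONE_RULE = "http://www.burgerking.*"

def naive_is_free(url, rule=FREE_ZONE_RULE):
    """Assumed matcher: '*' matches any run of characters in the URL string."""
    return fnmatchcase(url.lower(), rule.lower())

# Hardened form (hypothetical configuration): the free zone is pinned to
# complete host names, and only the left-hand side may vary.
FREE_HOSTS = {"www.burgerking.com"}
FREE_SUFFIXES = (".burgerking.com",)

def strict_is_free(url):
    """Parse the URL and compare the host itself, anchored at its right end."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    return host in FREE_HOSTS or host.endswith(FREE_SUFFIXES)

def rule_is_unanchored(rule):
    """Audit check: a '*' in the last two host labels leaves the owning
    domain open (simplification: ignores multi-label suffixes like co.uk)."""
    host = rule.split("://", 1)[-1].split("/", 1)[0]
    return any("*" in label for label in host.split(".")[-2:])

if __name__ == "__main__":
    for url in ("http://www.burgerking.com/burger.php?id=32",
                "http://www.burgerking.com.freeterminalsurf.com/"):
        print(url, "naive:", naive_is_free(url), "strict:", strict_is_free(url))
    for rule in RULES:
        print(rule, "unanchored:", rule_is_unanchored(rule))
```

Of the three rules quoted in the post, only http://www.burgerking.* is flagged by the audit; http://*.news.com keeps its owning domain fixed because the wildcard is on the left.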