[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Imail Cookie Vulnerability (unhashed)
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Imail Cookie Vulnerability (unhashed)
- From: Sintigan@xxxxxxxxxxxx
- Date: 5 Jul 2005 04:03:32 -0000
Neither Regular or secure mode of Imail properly give out a hash on cookies
leaving the cookies straight readable to any onlookers.
No exploit is needed
POC:
"IMail_UserId
1006332dgd2@Someserver"
--------------------------
"IMail_password
1234"
Straight From Cookie ^^ (edited to protect user)
Shoutz to Dcrab, Infinite, j0X, DjPc, Ch4r, Raven, FPA, woody, elohimus,
kurupt3k, and the rest i forgot i still got love for :P