[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] more chess fun...;)

To: <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] more chess fun...;)
From: Roelof Temmingh <roelof@sensepost.com>
Date: Mon, 2 Feb 2004 02:54:06 +0200 (SAST)

Speaking of chess - a friend invited me tonight to play a game of "email
chess" on Shockwave's site. There's no authentication ... the URL looks
like this:

http://www.shockwave.com/rd/ec.cgi?id=2004/2/1/12029_xxxxxx&player=b

Where xxxx is a random number.

Now, take a guess what happens if you change the "b" at the end (clearly
for "black") to "w" (for white). It goes a bit like this:

"now THAT was a crap move..why did you do THAT?"
"uhmmm...I didn't! It moved by itself?!"

<evil grin>

Thought it to be slightly amusing..:)
Roelof.


=====================
Roelof Temmingh
+27 12 667 4737
GMT+2
=====================

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Gnu Chess 0day
  - From: "ace sk8" <ace2oo1sk8@hotmail.com>

Prev by Date: RE: [Full-Disclosure] SCO.com Peripherals dead too
Next by Date: Re: [Full-Disclosure] What to do with a "burned" dns record? (was: sco.com -> slow? :)
Previous by thread: Re: [Full-Disclosure] Gnu Chess 0day
Next by thread: [Full-Disclosure] [SCSA-027] PHP-Nuke 6.9 SQL Injection Vulnerability
Index(es):
- Date
- Thread