[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] NO-IP service Flaw

To: Tribal MP <tribalmp@xxxxxxxxx>
Subject: Re: [Full-disclosure] NO-IP service Flaw
From: ghost <ghosts@xxxxxxxxx>
Date: Mon, 26 Jan 2009 19:12:33 -0500

Posts like these are just as bad as n3td3v posts. Here's an idea,
learn security, then come back with something interesting.

kthnx


On Mon, Jan 26, 2009 at 10:47 AM, Tribal MP <tribalmp@xxxxxxxxx> wrote:
> A flaw exists in NO-IP service while updating the status. The problem
> reside in the URL and corresponding variables because they are send in
> plain text.
>
> By monitoring HTTP traffic in a machine using NO-IP DUC it's possible
> to intercept the username, password and subdomain for the account.
>
> Example:
> http://dynupdate.no-ip.com/ducupdate.php?username=email@xxxxxxxxx&pass=123456789&h[]=subdomain.no-ip.biz
>
>
> Fabio Pinheiro
> http://dicas3000.blogspot.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] NO-IP service Flaw
  - From: infolookup

References:
- [Full-disclosure] NO-IP service Flaw
  - From: Tribal MP

Prev by Date: [Full-disclosure] [USN-711-1] KTorrent vulnerabilities
Next by Date: [Full-disclosure] CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
Previous by thread: [Full-disclosure] NO-IP service Flaw
Next by thread: Re: [Full-disclosure] NO-IP service Flaw
Index(es):
- Date
- Thread