
[Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail



Dear all

Is it a good mail? What do you feel, guys? It doesn't encrypt your
passwords.


POST /cgi-bin/login.cgi HTTP/1.1
Host: mail.rediff.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.rediff.com/
Cookie: RuW=1252586041360329; RsW=IND; RLOC=%5F%5FeZMqPfDceMg%5F%5F4P6Xdf5DkD2%5F%5FtHonjGX8AnI%5F%5Find%5F%5F; Rt=%3D%3DAMwAjN3czN; accounttype=77; Rp=g%3D2%26a%3D24%26c%3D08%26s%3D29%26cn%3D099%26z%3D123456%26p%3D034%26e%3D05%26d%3D_04%26i%3D_35_%26dor%3D20060220%26mi%3D3; RMID=7c7dc92f4aa8f200; RMFS=011MljEWU107fl; app_lang=; ckey=70795
Content-Type: application/x-www-form-urlencoded
Content-Length: 63

login=evil.devil&passwd=*devil.evil*&remember=1&FormName=existing


Regards
Kalyan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
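
Added example, not part of the original post: a defender-side audit that parses a login page and reports whether its password field would be submitted the way the request above was, over cleartext HTTP. The `example.test` host names and both sample pages are constructed; only the `login`, `passwd` and `remember` field names and the `/cgi-bin/login.cgi` path are taken from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LoginFormAuditor(HTMLParser):
    """Report how each form containing a password input is submitted."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings, self._form = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            self._form = {"target": urljoin(self.page_url, a.get("action") or ""),
                          "method": (a.get("method") or "get").lower(),
                          "password_fields": []}
        elif tag == "input" and self._form is not None:
            if (a.get("type") or "text").lower() == "password":
                self._form["password_fields"].append(a.get("name"))

    def handle_endtag(self, tag):
        if tag != "form" or self._form is None:
            return
        form, self._form = self._form, None
        if not form["password_fields"]:
            return
        issues = []
        if urlsplit(form["target"]).scheme != "https":
            issues.append("password sent over cleartext HTTP")
        if urlsplit(self.page_url).scheme != "https":
            issues.append("form served over HTTP, so it can be altered in transit")
        if form["method"] != "post":
            issues.append("password placed in the URL")
        form["issues"] = issues
        self.findings.append(form)

def audit(page_url, html):
    parser = LoginFormAuditor(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample pages (not captured from any real site).
WEAK = ('<form action="http://mail.example.test/cgi-bin/login.cgi" method="post">'
        '<input name="login"><input type="password" name="passwd">'
        '<input type="checkbox" name="remember" value="1"></form>')
HARDENED = WEAK.replace("http://mail.example.test", "")  # relative action

if __name__ == "__main__":
    for url, page in (("http://www.example.test/", WEAK),
                      ("https://www.example.test/", HARDENED)):
        for f in audit(url, page):
            print(f["target"], f["password_fields"], f["issues"] or "ok")
```

The second sample passes only because both the page and the resolved form target are HTTPS; an HTTPS target on a page served over HTTP is still reported.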