[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] WWW.EEM.PT - Consultation Request Encoding Flaw

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] WWW.EEM.PT - Consultation Request Encoding Flaw
From: Hacxx Under <hacxx20@xxxxxxxxx>
Date: Tue, 11 Oct 2011 15:08:45 +0100

A flaw exists in WWW.EEM.PT Consultation Request. The Consultation
Request is used for client notification aswell as client registration.

URL: http://eemnet.eem.pt/DesktopDefault.aspx?context=search_requests

Alphanumeric example: LL54949

In the example the request is 54949 and the two random letters are LL.
Since the two random letters is the password, there are only 729
possible combinations...

-----
Last Disclosure on my behalf - HACXX

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] [OT] the nigger said: "American people understand that not everybody's been following the rules"
Next by Date: Re: [Full-disclosure] VPN providers and any providers in general...
Previous by thread: [Full-disclosure] [ GLSA 201110-06 ] PHP: Multiple vulnerabilities
Next by thread: [Full-disclosure] Bypassing Windows 7 kernel ASLR
Index(es):
- Date
- Thread