[11931] in bugtraq


Re: BT/Cellnet Genie vulnerability

daemon@ATHENA.MIT.EDU (James Fidell)
Thu Sep 16 17:37:29 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <19990915094338.F27668@thagdal.cloud9.co.uk>
Date:         Wed, 15 Sep 1999 09:43:38 +0100
Reply-To: James Fidell <james@CLOUD9.CO.UK>
From: James Fidell <james@CLOUD9.CO.UK>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <19990915085754.A27668@thagdal.cloud9.co.uk>; from James Fidell
              on Wed, Sep 15, 1999 at 08:57:54AM +0100

I wrote:

> The webmail service from BT Cellnet's Genie site appears to have a vulnerability
> which allows any user to read messages irrespective of their intended
> recipient.  Once logged in, other messages can be retrieved by merely
> changing the message-id in the URL for your own messages.

Engaging brain and writing this a little more clearly...

The Web server logs all SMS messages sent from the site to a mobile
phone.  The log is displayed once a Genie user has sent an SMS message, which
requires authentication.  By selecting a message sent by themselves, it's
then possible to modify the URL used to retrieve your own message to read
other messages sent via the service.

James.
--
 "Yield to temptation --             | Consultancy: james@cloud9.co.uk
  it may not pass your way again"    | http://www.cloud9.co.uk/james
                                     |
        - Lazarus Long               |              James Fidell
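
The missing check behind the behaviour described in this post, shown as an added example that is not part of the original message and not the Genie site's code. The names (SmsLogEntry, SMS_LOG, the two fetch functions, readable_ids) and the sample messages are constructed for illustration; the flawed handler checks only that the user is logged in, the checked one also compares the record's sender with the session.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SmsLogEntry:
    sender: str  # authenticated account that sent the message
    body: str


# Constructed sample log, keyed by the message id that appears in the URL.
SMS_LOG = {
    101: SmsLogEntry("alice", "Running late, see you at 8"),
    102: SmsLogEntry("bob", "Door code is on the fridge"),
    103: SmsLogEntry("alice", "Call me when you land"),
}


def fetch_message_flawed(session_user, msg_id):
    # Flaw described in the post: login is checked, ownership is not.
    if session_user is None:
        raise PermissionError("login required")
    entry = SMS_LOG.get(msg_id)
    if entry is None:
        raise LookupError(msg_id)
    return entry.body


def fetch_message_checked(session_user, msg_id):
    # Fix: the URL id is only a lookup key; the record's sender must match
    # the session. Missing and foreign ids raise the same error.
    if session_user is None:
        raise PermissionError("login required")
    entry = SMS_LOG.get(msg_id)
    if entry is None or entry.sender != session_user:
        raise LookupError(msg_id)
    return entry.body


def readable_ids(fetch, session_user):
    """Regression check: ids in the log that `fetch` serves to this user."""
    served = []
    for msg_id in sorted(SMS_LOG):
        try:
            fetch(session_user, msg_id)
            served.append(msg_id)
        except (LookupError, PermissionError):
            pass
    return served
```

Running readable_ids against both handlers for the same account gives a regression test for the authorization check: the checked handler should serve only that account's own ids.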
