[13398] in bugtraq
Security hole in mail2web web-based emailservice
daemon@ATHENA.MIT.EDU (Patrick Oonk)
Mon Jan 17 21:01:27 2000
Message-Id: <20000117144353.O1786@pine.nl>
Date: Mon, 17 Jan 2000 14:43:53 +0100
Reply-To: patrick@pine.nl
From: Patrick Oonk <patrick@PINE.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
Hi,
My colleague Roy Froma was checking a httpd-log while debugging a
web site script, and saw a strange looking
referer in the log. When he copied this URL to his browser, he was
suddenly reading somebody else's mail. Apparently this person had
clicked on a link to our site in his email.
The URL looked like this (wrapped for readability):
http://www.mail2web.com/cgi-bin/readmsg.asp?listdirection=-1
&listperpage=10&msgnumber=1&abc=VERYLONGSTRINGGOINGONFORAGES
After about five minutes the authentication expired, maybe due to the
legitimate owner of the mail logging off from the service.
Mail2web seems to be some kind of pop-to-web gateway, offered
by the webhosting service Softcom.
Nice quote from the Mail2web site: "Mail2Web lets you to have control on
your email without the hassle. Your activities are private and none of
them are being recorded."
They have been notified.
Patrick
-- 
Patrick Oonk - PO1-6BONE - patrick@pine.nl - www.pine.nl/~patrick
Pine Internet B.V. GOAT666-RIPE PGP key ID BE7497F1
Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://www.pine.nl/
---- Pine Security Digest - http://security.nl/ (Dutch) ----
Excuse of the day: Your excuse is: The electricity substation in
the car park blew up.
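The leak described in the post is visible in the logs of any site that the webmail users link to: the session token sits in the query string of the webmail URL, so the browser sends it along in the Referer header of every outbound click. The following is an added example, not code from the original post or from mail2web, showing how to scan Apache combined-format access logs for Referer URLs that carry a token-like query parameter. The sample log lines, the token value and the length/entropy thresholds are constructed for illustration; only the parameter names and host come from the URL quoted above.

```python
"""Scan Apache/NCSA combined-format access logs for Referer URLs whose query
string carries a session-like token (the 'abc=VERYLONGSTRING...' pattern in
the mail2web readmsg.asp referer described in the post).

The sample log lines, the token value and the thresholds below are
constructed for this example and are not captured data."""
import math
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Combined log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

MIN_TOKEN_LEN = 20      # assumption: shorter values are rarely bearer tokens
MIN_ENTROPY_BITS = 3.0  # assumption: hex/base64 tokens score well above this


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_like_token(value):
    """Heuristic: a long, high-entropy value with no whitespace."""
    return (len(value) >= MIN_TOKEN_LEN
            and not re.search(r"\s", value)
            and shannon_entropy(value) >= MIN_ENTROPY_BITS)


def find_token_referers(log_text):
    """Return (referer_host, param_name, value) for every Referer whose
    query string carries a token-like parameter. Lines that do not match
    the combined format, and empty or '-' referers, are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        referer = m.group("referer")
        if referer in ("", "-"):
            continue
        parts = urlsplit(referer)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if looks_like_token(value):
                findings.append((parts.netloc, name, value))
    return findings


# Constructed sample: one webmail referer with a token, one harmless referer
# with a short pager value, one request with no referer at all.
SAMPLE_LOG = """\
10.0.0.7 - - [17/Jan/2000:14:01:12 +0100] "GET /~patrick/ HTTP/1.0" 200 2310 "http://www.mail2web.com/cgi-bin/readmsg.asp?listdirection=-1&listperpage=10&msgnumber=1&abc=a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6" "Mozilla/4.7 [en] (X11; I; Linux 2.2.14 i686)"
10.0.0.8 - - [17/Jan/2000:14:02:03 +0100] "GET /index.html HTTP/1.0" 200 1407 "http://www.example.org/links.html?page=2" "Mozilla/4.7 [en] (X11; I; Linux 2.2.14 i686)"
10.0.0.9 - - [17/Jan/2000:14:02:45 +0100] "GET /favicon.ico HTTP/1.0" 404 209 "-" "Mozilla/4.7 [en] (X11; I; Linux 2.2.14 i686)"
"""

if __name__ == "__main__":
    for host, name, value in find_token_referers(SAMPLE_LOG):
        print(f"token-like referer parameter: host={host} param={name} value={value}")
```

The heuristic deliberately keys on the value rather than the parameter name, since a service can call its session parameter anything (mail2web used `abc`); tune the thresholds to your own logs, and treat any hit from a webmail or single-sign-on host as a live credential to be reported to that service, not reused.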