[26168] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Hosting Controller Vulnerability

daemon@ATHENA.MIT.EDU (Muhammad Faisal Rauf Danka)
Sun Jul 14 23:29:15 2002

Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
Date: Sun, 14 Jul 2002 14:31:21 -0700 (PDT)
From: Muhammad Faisal Rauf Danka <mfrd@attitudex.com>
To: bugtraq@securityfocus.com
Reply-To: mfrd@attitudex.com
Message-Id: <20020714213121.A7F7E36F9@sitemail.everyone.net>

Instead of using something like @stake web proxy, could you also save the html output of (/accounts/updateuserdesc.asp) locally and change username to administrator and re-submit the form? And how are they validating the user name after applying the patch ?

Regards, 
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Promote your group and strengthen ties to your members with email@yourgroup.org by Everyone.net  http://www.everyone.net/?btn=tag


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[26168] in bugtraq

Re: Hosting Controller Vulnerability

daemon@ATHENA.MIT.EDU (Muhammad Faisal Rauf Danka)Sun Jul 14 23:29:15 2002

daemon@ATHENA.MIT.EDU (Muhammad Faisal Rauf Danka)
Sun Jul 14 23:29:15 2002