Network Solutions offers free web mail accounts on its dotcomnow web site. However, this web mail system has almost no security measures whatsoever: any user can log into any other email account.
Ted Coyle, the person who discovered and reported this backdoor, demonstrated the hole by sending an email from support@dotcomnow.com.
Credit:
This bug was discovered by Ted Coyle from WebThere.com.
A free webmail account is available from http://www.networksolutions.com; the account can be used until a permanent one is created (usually when the domain's owner establishes a placeholder for his domain).
The system used to verify logon credentials for an existing mailbox on dotcomnow.com is flawed and can be easily overcome.
In order to exploit this security hole, simply visit the following URL:
http://mail.dotcomnow.com/signup/poll/<requested account name>?dlang=default
The wanted web mail account name goes in place of <requested account name>.
For example, the following URL will log you into support@dotcomnow.com:
http://mail.dotcomnow.com/signup/poll/support?dlang=default
Network Solutions was notified on Sunday morning (19th of September 1999), in addition to being mailed by Ted Coyle from a compromised mail account, but has not responded yet.
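For reviewing server logs after a flaw like this one, the following added example (not part of the original advisory) scans access-log lines for successful requests to the /signup/poll/<account> URL and reports mailboxes that were opened from more than one client address. The Common Log Format, the sample lines, the case-insensitive mailbox names and the two-client threshold are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Constructed sample lines in Common Log Format (assumed format; not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [19/Sep/1999:08:01:12 +0000] "GET /signup/poll/alice?dlang=default HTTP/1.0" 200 5120
192.0.2.10 - - [19/Sep/1999:08:01:40 +0000] "GET /images/logo.gif HTTP/1.0" 200 900
198.51.100.7 - - [19/Sep/1999:08:05:03 +0000] "GET /signup/poll/support?dlang=default HTTP/1.0" 200 5301
203.0.113.44 - - [19/Sep/1999:08:09:57 +0000] "GET /signup/poll/Support?dlang=default HTTP/1.0" 200 5301
203.0.113.44 - - [19/Sep/1999:08:10:30 +0000] "GET /signup/poll/%61lice?dlang=default HTTP/1.0" 200 5120
203.0.113.44 - - [19/Sep/1999:08:11:02 +0000] "GET /signup/poll/bob?dlang=default HTTP/1.0" 404 210
"""

# client, method, request target, status code
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# URL pattern from the advisory: /signup/poll/<requested account name>
POLL = re.compile(r'^/signup/poll/([^/]+)/?$')

def mailbox_hits(log_text):
    """Map mailbox name -> set of client addresses that got a 2xx/3xx response."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # not a parseable log line
        client, _method, target, status = m.groups()
        if status[0] not in "23":
            continue  # request failed, no mailbox was opened
        # Decode percent-escapes so %61lice and alice count as the same mailbox.
        match = POLL.match(unquote(urlsplit(target).path))
        if match:
            # Assumption: mailbox names are case-insensitive.
            hits[match.group(1).lower()].add(client)
    return hits

def shared_mailboxes(log_text, min_clients=2):
    """Mailboxes opened through the URL from several distinct client addresses."""
    return {name: sorted(ips) for name, ips in mailbox_hits(log_text).items()
            if len(ips) >= min_clients}

if __name__ == "__main__":
    for name, ips in sorted(shared_mailboxes(SAMPLE_LOG).items()):
        print(f"{name}: {', '.join(ips)}")
```

A mailbox reached from several addresses is only a lead for review, since one legitimate user can connect from more than one place.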