Full Disclosure mailing list archives
Re: NO-IP service Flaw
From: ghost <ghosts () gmail com>
Date: Mon, 26 Jan 2009 19:12:33 -0500
Posts like these are just as bad as n3td3v posts. Here's an idea, learn security, then come back with something interesting. kthnx On Mon, Jan 26, 2009 at 10:47 AM, Tribal MP <tribalmp () gmail com> wrote:
A flaw exists in NO-IP service while updating the status. The problem reside in the URL and corresponding variables because they are send in plain text. By monitoring HTTP traffic in a machine using NO-IP DUC it's possible to intercept the username, password and subdomain for the account. Example: http://dynupdate.no-ip.com/ducupdate.php?username=email () email com&pass=123456789&h[]=subdomain.no-ip.biz Fabio Pinheiro http://dicas3000.blogspot.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- NO-IP service Flaw Tribal MP (Jan 26)
- Re: NO-IP service Flaw ghost (Jan 26)
- Re: NO-IP service Flaw infolookup (Jan 26)
- Re: NO-IP service Flaw Valdis . Kletnieks (Jan 27)
- Re: NO-IP service Flaw infolookup (Jan 26)
- Re: NO-IP service Flaw ghost (Jan 26)