Vulnerability Development mailing list archives
Re: Netaddress and amexmail
From: ident () LINEONE NET (Stone)
Date: Thu, 27 Apr 2000 13:39:05 +0100
Hi people. I've been using NetAdress and AmexMail (actually, the same company) for a couple of years now. I have one account in each one. Well, the point is that today I decided to play a little: I logged into my AmexMail account. After a successfull login you are redirected to http://www.amexmail.com/tpl/Door/SomeUniqueID/Welcome Ok, I opened a second browser and cut&pasted that into this new browser window, BUT changing amexmail by netaddress. Results? I had my account opened in two different browser windows, with the small difference that the sessions were different. In one I had the amexmail user interface, and in the other I had the netaddress user interface. I had no friends online at that moment to send'em the URL to see if they could login without supplying the password. Ok, I now this is kind of stupid, but who knows?
The site is probably using cookies to authenticate that its you after you first login into the site so you do not have to authenticate with it for every action you perform when logged in. Try using a cookie cleaner after you have logged in then check if you can login within another browser window. Hope this helps, Chris - chris.hearn () btinternet com
Current thread:
- Re: Securax Security Advisory: Windows98 contains a seriousbuffer overflow with long filenameextensions. LiGHTNiNG (Apr 24)
- Re: Securax Security Advisory: Windows98 contains a seriousbufferoverflow with long filenameextensions. Markus Kern (Apr 25)
- <Possible follow-ups>
- Re: Securax Security Advisory: Windows98 contains a seriousbuffer overflow with long filenameextensions. Schockaert, Rudy (Apr 24)
- Netaddress and amexmail Arturo Busleiman (Apr 25)
- Re: Netaddress and amexmail Fabio Pietrosanti (Apr 27)
- Re: Netaddress and amexmail Blue Boar (Apr 27)
- Re: Netaddress and amexmail Marc Slemko (Apr 28)
- Re: Netaddress and amexmail Arturo Busleiman (Apr 28)
- Netaddress and amexmail Arturo Busleiman (Apr 25)
- Re: Netaddress and amexmail Stone (Apr 27)
- Exploit Ease Level Rory Savage (Apr 25)
- Re: Exploit Ease Level Max Vision (Apr 26)
- Re: Exploit Ease Level Rory Savage (Apr 28)
- Using php to bounce scan Thiebaut (Apr 28)
- Re: Using php to bounce scan Omachonu Ogali (Apr 28)
- Re: Using php to bounce scan Thiebaut (Apr 30)
- corrupted link JklojLrnzn () AOL COM (Apr 30)
- Re: Using php to bounce scan Matt Rae (Apr 30)
- Re: Using php to bounce scan Thiebaut (Apr 30)
- Re: Exploit Ease Level Max Vision (Apr 28)