Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Netaddress and amexmail

From: ident () LINEONE NET (Stone)
Date: Thu, 27 Apr 2000 13:39:05 +0100


Hi people.

I've been using NetAdress and AmexMail (actually, the same company) for a
couple of years now. I have one account in each one.

Well, the point is that today I decided to play a little:

I logged into my AmexMail account. After a successfull login you are
redirected to http://www.amexmail.com/tpl/Door/SomeUniqueID/Welcome

Ok, I opened a second browser and cut&pasted that into this new browser
window, BUT changing amexmail by netaddress. Results?
I had my account opened in two different browser windows, with the small
difference that the sessions were different. In one I had the amexmail
user interface, and in the other I had the netaddress user interface.
I had no friends online at that moment to send'em the URL to see if they
could login without supplying the password.

Ok, I now this is kind of stupid, but who knows?



The site is probably using cookies to authenticate that its you after you
first login
into the site so you do not have to authenticate with it for every action
you perform
when logged in. Try using a cookie cleaner after you have logged in then
check if
you can login within another browser window.

Hope this helps, Chris - chris.hearn () btinternet com
Previous By Date Next
Previous By Thread Next

Current thread: