Vulnerability Development mailing list archives
Re: Neato Bell Atlantic Feature
From: Russell Berry <russ () BERREX COM>
Date: Mon, 14 Aug 2000 10:23:31 -0400
When I saw this I decided to do some investigating of other websites. My bank, and a few of my credit cards have online sites to access data. A couple take your social security number for a log in name. On at least one site, I could put in my social security number, and a b0gus password. Java runs, and even though it returns an invalid login, the source of the script running spews out account information. Go figure.

Stop looking at this as a toy to go play with, and start looking for similar breaches in the institutions you all use and warn them accordingly. I fear there is a LOT of this kind of vulnerability going around.

Regards,
Russell

On 14-Aug-00 Seth Cohn wrote:
Had someone in BA country check it out. Among other things, it returns name and address for a phone number and also a PUB notation. I wonder if private numbers will also be listed... could be, looks like a db lookup. In which case, an autoscanner could compile a list of private numbers. :( Expect this to go away rsn. Too easy to abuse.
Words to Live by... Work like you don't need money, Love like you've never been hurt, Dance like nobody's watching.