It was back in 2004, when I was still at UPB and waiting to get final interviews with Ubisoft Romania. I had some spare time and had also become interested in mail.md security research, after having previously attempted to find security holes in it without too much luck.
At the same time, I saw the below post from k0t about his research on this topic:
Xakep Online > Reading other people's mail on Mail.md
After a few days of intensive testing I got the script working. Since then, I have just beautified and commented it properly. The attack would have involved:
Recently, some script kiddie revived the dead here:
mail.md, or reading Moldovans' mail
Here is an archive with files: Mail.md hack script (working back in 2004-2005)
Now, this attack is not working because:
However, they have kept most of the URL encoding of actions, sessions and folders, so they likely didn’t get rid of the old engine totally. Also, they had some stack problems with the old CGI-BIN, but I cannot recall or find any notes on how to reproduce them…
That’s it for now. And as a final note: security is an ongoing process, not a final goal.
DISCLAIMER: this post is intended purely for security research and educational purposes, and to urge the vendor to fix the problems posing threats to its customers. Any use of this information is the sole responsibility of the reader/user, and the author is not to be held liable for any misuse of the above technical details.