Unsubscribe DoS
From: Frank Knobbe (frank@knobbe.us)
Date: 12/19/02
From: Frank Knobbe <frank@knobbe.us>
To: vuln-dev@securityfocus.com
Date: 18 Dec 2002 23:35:18 -0600
Greetings,
While reviewing the postmaster's email for a mail system we manage, I came
across an email from some list/spam server that offers an unsubscribe
URL. This was a bounced email for a user that no longer has a mailbox
on the systems. So I just opened the browser and unsubscribed the user
to avoid any further bounces.
Nice feature, I thought... and then I started to take a look at the URL
[1]. Obviously we have the subscriber ID (the email recipient), the customer
ID (the client of the list/spam server), and the campaign ID (to
identify the mailing itself).
The risk is that someone could just enter any subscriber ID and unsubscribe someone else.
That made me wonder how widespread the problem is. Are there any
pointers or references to list/spam server opt-in/opt-out systems that
are prone to automated attacks, such as a for-loop posting HTTP pages?
Regards,
Frank
[1] http://mailiwant.com/unsubscribe.jsp?subid=123456&custid=12&campid=1234
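The weakness Frank describes is an unsubscribe endpoint that acts on whatever subscriber ID appears in the query string, so a loop over sequential IDs can unsubscribe other people's addresses. The following is an added example, not code from the post or from any list server mentioned in it: it models that handler in-process alongside a hardened version that only honours a link carrying an HMAC over (subid, custid, campid), and runs the "for-loop" the post asks about against both. The base URL, secret key, subscriber table and ID values are constructed for the demonstration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical endpoint and key, constructed for this example only.
BASE = "https://lists.example/unsubscribe"
KEY = b"constructed-demo-key-not-a-real-secret"

# Constructed subscriber table: subid -> address.
SUBSCRIBERS = {
    123456: "alice@example.net",
    123457: "bob@example.net",
    123458: "carol@example.net",
}


def _query_ints(url, names):
    """Parse the named integer parameters from a URL's query string."""
    q = parse_qs(urlsplit(url).query)
    return [int(q[n][0]) for n in names], q


def handle_unsigned(url, unsubscribed):
    """Vulnerable pattern: trusts the subid in the URL and nothing else.

    Anyone who can guess a subid can unsubscribe that subscriber.
    """
    try:
        (subid,), _ = _query_ints(url, ("subid",))
    except (KeyError, ValueError):
        return False
    if subid not in SUBSCRIBERS:
        return False
    unsubscribed.add(subid)
    return True


def make_unsubscribe_link(base, key, subid, custid, campid):
    """Hardened link: every ID is bound into a keyed MAC (HMAC-SHA256).

    The mailer generates this per recipient; the token cannot be forged
    without the server-side key, so subid is no longer a capability.
    """
    msg = f"{subid}:{custid}:{campid}".encode()
    tok = hmac.new(key, msg, hashlib.sha256).hexdigest()
    params = {"subid": subid, "custid": custid, "campid": campid, "tok": tok}
    return f"{base}?{urlencode(params)}"


def handle_signed(url, key, unsubscribed):
    """Hardened handler: recompute the MAC over the IDs and compare in
    constant time before touching subscriber state."""
    try:
        (subid, custid, campid), q = _query_ints(url, ("subid", "custid", "campid"))
        tok = q["tok"][0]
    except (KeyError, ValueError):
        return False
    expected = hmac.new(key, f"{subid}:{custid}:{campid}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tok, expected):
        return False  # tampered or guessed link
    if subid not in SUBSCRIBERS:
        return False
    unsubscribed.add(subid)
    return True


def enumerate_subids(handler, start, count):
    """The for-loop from the post, run against an in-process handler:
    try consecutive subids and return the set that got unsubscribed."""
    unsubscribed = set()
    for subid in range(start, start + count):
        url = f"{BASE}?subid={subid}&custid=12&campid=1234"
        handler(url, unsubscribed)
    return unsubscribed


if __name__ == "__main__":
    # Against the unsigned handler, 20 guesses take out all three subscribers.
    print("unsigned:", sorted(enumerate_subids(handle_unsigned, 123450, 20)))
    # Against the signed handler the same loop achieves nothing.
    signed = lambda u, s: handle_signed(u, KEY, s)
    print("signed:  ", sorted(enumerate_subids(signed, 123450, 20)))
    # Only the link the mailer actually issued works.
    link = make_unsubscribe_link(BASE, KEY, 123456, 12, 1234)
    print("legit link accepted:", handle_signed(link, KEY, set()))
```

Binding custid and campid into the MAC (rather than just subid) also stops a recipient reusing one valid token across a customer's other campaigns. A random per-recipient token stored in the database works equally well; the HMAC form just avoids a lookup table.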