Messenger Pro 3 from Clickatell.{Allows you to spoof Mobile Numbers}

From: Jignesh Ghaghada (jghaghada_at_treadsetters.com)
Date: 02/17/04

  • Next message: Der Ago: "Serv-U 4.1 Memory Corruption / Whatever" 
    Date: 17 Feb 2004 11:00:41 -0000
To: vuln-dev@securityfocus.com
    ('binary' encoding is not supported, stored as-is)

    Messenger Pro 3 from Clickatell.com has a security issue which allows a person to input any mobile number and send a txt message which can cause problems. After installing the software you are able to login and get 5 free messages or credits. You can register as many times as you want getting 5 credits after you have finished or used up your credits allowing you to send multiple messages. Under the options tab of the program there is an Extra setting which allows you to put in a Sender Id:. under this option you can input any mobile number and send the text which sends a txt message as showing it coming from someone else. I.E. Spoofing.Example:

    A No: +123456789
    B No: +987654321
    C No: +147258369

    Let us say that you wanted to send a message to B but didnt want to show your number but wanted C's No to appear you can input C's No and send the message. {Spoofing}.

    I am not quite versatile with explaining it in full detail but this is all i can write.

    Thanks

    Jignesh Ghaghada

  • Next message: Der Ago: "Serv-U 4.1 Memory Corruption / Whatever"