Author Topic: Server Leaks Personal Information  (Read 11075 times)

0 Members and 1 Guest are viewing this topic.

June 03, 2010, 06:12:20 pm
Read 11075 times

kreykh

  • Newbie

  • Offline
  • *

  • 1
http://www.unitedresources.biz/sail/sailcalendar.aspx
This site if browse manually to their Calendar of Events page and provide a random ID/Password, than click on My Info leaks badly  the real members' info, including Home Addresses, CC (partial), Phones, etc Very buggy server...Likely, I did accidentally exploit the  Session or Cookie prediction flaw.. :o.
P.S. The link above might not work directly. You need to go http://www.sailthesounds.com/Training.htm and Click on "Enroll in Class".. 

June 03, 2010, 06:30:32 pm
Reply #1

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Ruining the bad guy's day