Malware Domain List

Malware Related => Compromised Servers => Topic started by: kreykh on June 03, 2010, 06:12:20 pm

Title: Server Leaks Personal Information
Post by: kreykh on June 03, 2010, 06:12:20 pm
http://www.unitedresources.biz/sail/sailcalendar.aspx
This site if browse manually to their Calendar of Events page and provide a random ID/Password, than click on My Info leaks badly  the real members' info, including Home Addresses, CC (partial), Phones, etc Very buggy server...Likely, I did accidentally exploit the  Session or Cookie prediction flaw.. :o.
P.S. The link above might not work directly. You need to go http://www.sailthesounds.com/Training.htm and Click on "Enroll in Class".. 
Title: Re: Server Leaks Personal Information
Post by: SysAdMini on June 03, 2010, 06:30:32 pm
I suggest contacting site owner.

https://www.unitedresources.biz/ContactUs.aspx