Posts like these are just as bad as n3td3v posts. Here's an idea, learn security, then come back with something interesting.
kthnx On Mon, Jan 26, 2009 at 10:47 AM, Tribal MP <triba...@gmail.com> wrote: > A flaw exists in NO-IP service while updating the status. The problem > reside in the URL and corresponding variables because they are send in > plain text. > > By monitoring HTTP traffic in a machine using NO-IP DUC it's possible > to intercept the username, password and subdomain for the account. > > Example: > http://dynupdate.no-ip.com/ducupdate.php?username=em...@email.com&pass=123456789&h[]=subdomain.no-ip.biz > > > Fabio Pinheiro > http://dicas3000.blogspot.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
