Browsing all articles from April, 2011

Click here to search the VMWare user database!

So last week some time Chris Hadnagy linked me to the following URL: http://info.vmware.com/content/opt-out which was pretty interesting last week. Basically it allowed someone to full in their email address to manage their VMWare subscriptions, i noticed a couple of things from the next pages:

  • The fields auto populated with details like Name, Phone Number etc (i know, without auth and only an email address – worriedface)
  • Another tab became available that allowed you to update your details – again, no auth, scary

So i whipped out the good old firebug and started looking through the ajax calls till i came across this little gem:

http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=50&amp;siteid=524&amp;DLKey=<strong>&lt;sessionkey&gt;</strong>&amp;DLLookup=%3CC_EmailAddress%3E<strong>&lt;email_address&gt;</strong>%3C/C_EmailAddress%3E&amp;ms=59

and the resulting page looked something like:

function GetElqContentPersonalizationValue(strDataField)
{
var strTemp = '';
//alert('Data Field: ' + strDataField);
if(strDataField == 'C_EmailAddress' || strDataField == 'EmailAddress')
{strTemp = 'andrewmohawk\x40gmail.com';}
if(strDataField == 'C_FirstName' || strDataField == 'FirstName')
{strTemp = 'Andrew';}
if(strDataField == 'C_LastName' || strDataField == 'LastName')
{strTemp = 'MacPherson';}

Yeah, great info straight in that.. EEEK! So being the script kiddie (seriously, scripting languages FTW) i wrote a tiny PHP application to pull this info and display.

However the issue was that if you could update someones account, then you could simply change their email address, do a password reset and gain access to a commercial account giving people access to software that someone else paid loads for — this isnt cool so i didnt put the link out. However this week VMWare have removed the update page and the auto-populating fields — yet my scraper still works so i figured i’d put it out.

I’ve specifically left out the sessionkey to make it at least not a trivial cut and paste to get info yourself since it may still be possible to update from that code.

Just another leak i guess. But if anyone has any other links/ideas/stuff for me to play with, contact form’s on the left :)

Cheers,
Andrew

Click here to search the VMWare user database!

Recent Posts

What?

Not the quickest of cats
on the best of days.

Spotnik

Check out my android app now in beta!

 

Tag cloud

Donate

For electronics/other to play with:



Archives