Ever wonder why so many hosted websites and mail servers get mysteriously 'hacked' so easily? Hey, it's simple when you send the username, password AND the domain that the user is administering in the clear! WEEEEE!
POST
http://mech.phpwebhosting.com/cgi-bin/qmailadmin HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer:
http://mech.phpwebhosting.com/cgi-bin/qmailadmin
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; InfoPath.1)
Host: mech.phpwebhosting.com
Here it comes...
do.login=Login&username=postmaster&password=MYPASSWORD&domain=MYDOMAIN.com&bleh=login
Imagine if you could snarf every admin's password on a single hosting box - a box that hosted hundreds or thousands of domains...
http://blogs.ittoolbox.com/security/investigator/archives/look-at-all-of-these-passwords-11240
