Ev1servers.net Security Problem?

Articles Metasploit Framework Windows Tutorial Remote Desktop Connection Windows Processes That May Be Dangerous How-To use NetCat a Tutorial Common Linux Commands Common Ports Netcat Commands HTTP Response Codes War-Google Hack Terms Wardriving Avoiding Social Engineering and Phishing Attacks Intrusion Detection on Linux Linux Intrusion Detection Penetration Testing Guide Penetration Testing Tools Social Engineering Fundamentals, Part I: Hacker Tactics Social engineering (computer security) The Psychology of Social Engineering The Archives General GSO GovernmentSecurity.org News & Suggestions In The News Open Topic General Security Information Trash Can Exploit & Vulnerability Mailing List Archives Trial Member Forum Product and Program Reviews GSO Tutorials System Security Windows Systems Beginners Section Linux & Unix Systems File Downloads Exploit Research & Discussion Trojan & Virus Errata Networking Security / Firewall / IDS / VPN / Routers System Hardening E-Mail Security Wifi Security Trial Member Uploads Upload discovered Trojans & Mal ware GSO Programming Section C , C++ , VC++ Visual Basic .NET Perl /CGI Java/Javascript PHP/XML/ASP/HTML Assembly + Other The Cork Board Network Security Consultant Directory Network Security Jobs The Archives Encryption Information General Network Security Internet Anonymity HTTP Protocol Security Linux Security MS IIS Information Exploit Articles Programming / Tool Design GSO Software Projects Public Downloads Microsoft Security Questions and Papers		Help - Search - Member List - Calendar Full Version: Ev1servers.net Security Problem? GovernmentSecurity.org > General GSO > General Security Information ghasedak Nov 9 2004, 05:37 PM Hello e1servers.net is one of the site that provide low price domains. (6.49$ per domian) but recently I find there is security problem in the domain control panel. when You register your first domain in this site , that make a profile for you and the next time you can use this for registering other domains. you can access all of domains in one control panel. also you can create a sub user for each domains with diferent username and pass!!! the bug is here: when a sub user change the admin email in his/here domain profile and click on "forgot password" link on the site, ev1servers send to him the main user&password to his/here email!!!! (notice they send the admin pass, it is not the subuser pass) so any sub users have changing his/here domain admin email access can hack you very easy. becarefull exp0sed Aug 9 2005, 03:35 AM sounds like you should notify ev1servers. id ask em for a reward -exp0sed This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here. Invision Power Board © 2001-2005 Invision Power Services, Inc.