Advertisement
Guest User

Untitled

a guest
Nov 24th, 2010
226
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.66 KB | None | 0 0
  1. subject: using a custom query to harvest email addresses
  2.  
  3. From ticket:153#comment:93
  4. > Again, if you discover any leak of e-mails information remaining for unauthorized users, please create a new ticket.
  5.  
  6. A malicious user with a little motivation could easily harvest 100's of email addresses from Trac. This can be achieved through custom queries on user-fields, using popular domain names as search criteria.
  7.  
  8. Example:
  9. [http://trac.edgewall.org/query?reporter=~%40hotmail.com&col=id&col=reporter&order=priority hotmail.com]
  10.  
  11. By replacing "..." with the domain name in question, full email addresses can be collected from the query results by unauthorized users.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement