API tools faq
paste
Guest User

Untitled

a guest
Nov 24th, 2010
265
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.66 KB | None | 0 0
raw download clone embed print report
  1. subject: using a custom query to harvest email addresses
  2.  
  3. From ticket:153#comment:93
  4. > Again, if you discover any leak of e-mails information remaining for unauthorized users, please create a new ticket.
  5.  
  6. A malicious user with a little motivation could easily harvest 100's of email addresses from Trac. This can be achieved through custom queries on user-fields, using popular domain names as search criteria.
  7.  
  8. Example:
  9. [http://trac.edgewall.org/query?reporter=~%40hotmail.com&col=id&col=reporter&order=priority hotmail.com]
  10.  
  11. By replacing "..." with the domain name in question, full email addresses can be collected from the query results by unauthorized users.
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!