____ ____ __ __ / \ / \ | | | | ----====####/ /\__\##/ /\ \##| |##| |####====---- | | | |__| | | | | | | | ___ | __ | | | | | ------======######\ \/ /#| |##| |#| |##| |######======------ \____/ |__| |__| \______/ Computer Academic Underground http://www.caughq.org Security Advisory ===============/======================================================== Advisory ID: CAU-1998-0003 Release Date: 1998.05.27 Title: GTE Cybercenter - Web Browsing Access Control Subversion Application/OS: GTE Cybercenter Kiosk Interface Software for Windows 95 Topic: Full Web Browsing is possible from within the restricted environment. Vendor Status: Unreachable Attributes: Access Control Subversion Advisory URL: http://www.caughq.org/advisories/CAU-1998-0003.txt Author/Email: I)ruid (druid@caughq.org) int3l (int3l@caughq.org) ===============/======================================================== Problem ------- The GTE Cybercenter's Software Program is designed to allow users to swipe their credit card to use services provided such as web browsing, email checking, telnet, etc. Full Web Browsing is capable without the need for payment by using their restricted demo browser, which allows the user to browse a couple of GTE Cybercenter's sponsor's sites. Example ------- http://www.caughq.org/~druid/GTE_cybercenters.txt Technical Explanation --------------------- http://www.caughq.org/~druid/GTE_cybercenters.txt Solution -------- There is no solution at this time. How To Exploit -------------- http://www.caughq.org/~druid/GTE_cybercenters.txt