Another great reason to hate 1&1

Status
Not open for further replies.


http://www.xssnews.com/2007/12/27/a...ted-by-11-internet-inc-are-vulnerable-to-xss/

When will people learn that you get what you pay for, and it's worth it to spend the extra $3/month to not get completely fucked over by your host?

Why one would ever host with them, I don't know. I just had to extricate my partner from umpteen sites hosted w/ these jokers. Domain reg? Decent (won't do multiple-year domains) but it is nearly impossible to cancel an agreement. They require sent faxes but then don't act on them. Horseshilt organization.
 
I guess no one read the article... Although 1&1 is a horrible company for many reasons, I thought it incredibly ironic that they have a site-wide (like every site hosted with 1&1) XSS vuln while trying to make an extra buck.

Basically they tried to make an extra buck by pointing 404s to a Sedo page. The code they used to do it looked like this:

<Frame src="http://sedoparking.com/ads.php?id=xxxx&url=[URL OF 404]">

So you could do something like:

hxxp://www.austinbuckboardofhope.com/invalidfilename.thtml%22%20onload=%22alert('vulnerable%20to%20xss')

If you wanted to be a real dick you could just scan the IP range of 1&1 and make some sort of worm to go through and play with it.
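
Added example, not part of the original post and not 1&1's code: the frame tag built the way the post describes, next to a version that percent-encodes the requested URL and HTML-escapes the attribute value. The function names, the `customer.example` host and the assumption that the handler URL-decoded the path before inserting it are illustrative.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote, unquote

# Frame target as quoted in the post (the id is elided there).
PARKING = "http://sedoparking.com/ads.php?id=xxxx&url="

def frame_unescaped(requested_url):
    # Assumed behaviour: the 404 handler decodes the requested URL and
    # pastes it into the attribute as-is, so a decoded '"' ends src early.
    return '<frame src="' + PARKING + unquote(requested_url) + '">'

def frame_escaped(requested_url):
    # 1. Percent-encode the value so it stays one query parameter.
    # 2. HTML-escape the whole attribute value (also turns & into &amp;).
    src = PARKING + quote(unquote(requested_url), safe="")
    return '<frame src="' + escape(src, quote=True) + '">'

class _FrameAttrs(HTMLParser):
    """Collects the attributes a parser sees on the first <frame> tag."""
    def __init__(self):
        super().__init__()
        self.attrs = {}
    def handle_starttag(self, tag, attrs):
        if tag == "frame" and not self.attrs:
            self.attrs = dict(attrs)

def frame_attributes(markup):
    parser = _FrameAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs

# Constructed sample: placeholder host, path suffix as quoted in the post.
SAMPLE = ("http://customer.example/invalidfilename.thtml"
          "%22%20onload=%22alert('vulnerable%20to%20xss')")

if __name__ == "__main__":
    for build in (frame_unescaped, frame_escaped):
        markup = build(SAMPLE)
        print(build.__name__, sorted(frame_attributes(markup)))
        print("  ", markup)
```

The unescaped tag parses with both `src` and `onload`; the escaped one parses with `src` only.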
 
1&1 is focussing on cheap virtual packages, so no surprise that you end up on overcrowded, oversold servers with heaps of security problems. Customer service sucks, you always have to upgrade a package if you need any extras (IPs, domains, etc.)...it's good for a family homepage but not for business.
 
Tried to cancel a domain renewal with these guys - they required a fax to be sent and signed. I mean what the hell...

Ended up they tried to bring in debt collectors for the money, which was minuscule.

Very bad company.
 