uReach has a security flaw in that you are able to view and change any user's setting remotely. This is quite a simple process, all you have to do is "view-source" of their "Account info" page and copy this into your free geocities account. You can then embed this page into a hidden iframe in an email and mail your target. This is not good.

You will of course have to modify the <FORM> statement dynamically. This could be done using the following code:

<script>
d=document.referrer;
ds=d.split('/');
s=ds[0]+'//'+ds[2]+'/'+ds[3]+'/'+ds[4]+'/';
document.write('<FORM NAME=form METHOD=post ACTION="');
document.write(s+'admin?func=su" id="f1">');
</script>

You should also complete the steps by issuing a submit command as part of the body onLoad statement. i.e.:
onLoad="init();document.forms.f1.submit()"
This will serve to automatically post the form as soon the email has fully loaded.

The values that you choose to update your target's account is up to you.

On a positive note, this service offers MUCH more in way of features and free voicemail etc. than any other provider. These guys have set a standard to which other providers must now aspire.





Recommended: No