Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PR07-02: XSS on Liferay Portal Enterprise 4.1.1 login page ('login' parameter)

Aida-Web Information Exposure

Sciurus Hosting Panel Code İnjection

[ GLSA 200711-17 ] Ruby on Rails: Multiple vulnerabilities

From:	thetaung_(at)_gmail.com <thetaung_(at)_gmail.com>
Date:	17.11.2007
Subject:	Javamail login username and password same email problem

Javamail login username and password same email problem

By Thet Aung Min Latt
Yangon Myanmar
16 November 2007

1. First logon to examplemail.com
http://examplemail.com/login.jsp
And login with username@examplemail.com in username and password box.

User name: username@examplemail.com
Password:username@examplemail.com

2. It will return unexpected error as follow;

Connecting Please Wait
Open Err:Connect failed; nested exception is: java.net.UnknownHostException: examplemail.com@1.2.3.4(ip) Error occur : null

3. After this error, contineous Refresh (Keep pressing F5 key) and Post DATA yes, and following error occur.

com.example.util.dao.DAOException: SQL Exception while getting Connection: org.apache.commons.dbcp.SQLNestedException: Cannot get a connection, pool exhausted, cause: Timeout waiting for idle object

This problem can lead an attack to DOS attack type

Anyway thanks for reading this article.

Thet Aung Min Latt
Email: thetaung@gmail.com
Web: http://taml.co.nr