Hacking Hotmail through XSS


3223 Posts
Location -
Joined 2005-12-17
Introduction
That Microsoft's code is not always secure is very clear again with this XSS exploit. This is not the first XSS exploit that has been found; others have been found. If you are viewing this document offline, the newest version can be found here. I am Adriaan Graas, a student who is interested in internet security and web development. I am currently 16 years old, though that would not make the exploit less effective.

Please do not mail me for hacking your ex-girlfriend's inbox. Get away, moron.

How
The idea is simple. When you are logged in to Hotmail, a cookie is created which allows you access every time you are in its domain. Since the cookie is not IP-bound (how is this possible? - Microsoft) we are able to fake the cookie when stolen, then use it to log in. This all means that we do not have to know the password or even the email address of the victim. Through XSS we can insert a piece of JavaScript code that will send the cookie to a web server with a log script. This can be written in PHP, ASP, CGI, practically anything you want. The cookie can be faked with Proxomitron.

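The post's complaint that the session cookie is readable by script and not bound to the client is easiest to see from the server side. The following is an added example, not part of the original post and not Hotmail's code: a minimal session layer that marks the cookie HttpOnly and rejects a token replayed from a different client. The cookie name `sid`, the function names and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret (constructed here)
SESSIONS = {}                          # token -> (user, client binding)

def _binding(ip: str, user_agent: str) -> bytes:
    """HMAC over the client context the session was issued to."""
    msg = f"{ip}\n{user_agent}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()

def issue_session(user: str, ip: str, user_agent: str) -> str:
    """Create a session and return the Set-Cookie header value."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = (user, _binding(ip, user_agent))
    cookie = SimpleCookie()
    cookie["sid"] = token
    cookie["sid"]["httponly"] = True   # injected script cannot read it via document.cookie
    cookie["sid"]["secure"] = True     # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()

def validate(cookie_header: str, ip: str, user_agent: str):
    """Return the user for a valid session, else None; revoke on context mismatch."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "sid" not in jar:
        return None
    token = jar["sid"].value
    entry = SESSIONS.get(token)
    if entry is None:
        return None
    user, bound = entry
    if not hmac.compare_digest(bound, _binding(ip, user_agent)):
        del SESSIONS[token]            # token presented by another client: kill the session
        return None
    return user
```

Strict IP binding logs out legitimate users whose address changes (mobile networks, proxies), so deployments often bind to a coarser signal or require re-authentication on mismatch instead. Neither measure replaces fixing the XSS itself through output encoding.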



Responses to this topic




1 Posts
Location -
Joined 2009-01-09
Hello, I'm really interested in your method, but for a good reason: I want you to hack my Hotmail account because I think someone did it and I can't get in. Can you help me, please? It's because I have important contacts of family. Please help.