0day Exploit in Hotmail

Discussion in 'other security issues & news' started by Ranget, Apr 23, 2012.

Thread Status:
Not open for further replies.
  1. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    Hi guys, just read about a 0day exploit in Hotmail
    that leads to you losing your account permanently by tampering with data
    in the Recover Password page.
    Any news about that?
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Do you mean it happened very recently? Where have you read it?

    Something similar happened in the past, though; judging by a quick search.
     
  3. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    Something like Friday or something. I also have a tut page on how to exploit it.
    It's a very easy exploit :/

    Wonder if it did get fixed.

    I read it on an underground site.
    I can give a link to a Microsoft employee to fix this if it's still active.
    Do you know anyone here in the forum?
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,654
    This sounds like back in the day with the rise of websites that asked you to type in your password and they "told" you who has blocked you :x
     
  5. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    Nope, all the work can be done on the main Live.com or hotmail.com site.
     
  6. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,397
    How does the exploit work? Does it come from a malicious advertisement loading?
     
  7. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    Nope, you can do it using the Tamperdata addon.
     
  8. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    It's a confirmed exploit, it spread so fast.
    It's being used by some gov to spy on activists anyway.
    Where do I report such an exploit to Microsoft?
     
  9. STONEMAN

    STONEMAN Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    98
    Location:
    London,South Of The River
    My Hotmail account got hit Friday, lucky for me there wasn't much in the account.
    Opened a new email account elsewhere, changed all passwords: shopping, PayPal, router etc. Don't use Facebook or Twitter. No money gone from bank as I don't do online banking. Also installed KeePass just in case and TrueCrypt for a few files. Also ran some on-demand scans which were clean.
     
  10. STONEMAN

    STONEMAN Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    98
    Location:
    London,South Of The River
    Just an update:
    I may have this wrong but just read that you had to
    open an email and click the URL to get this to work.
    Strange really, as I never open unknown mail or follow links. o_O
     
  11. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    This hack will allow the hacker to change the mail password without any user interaction,
    which is a totally remote exploit!!!!!!

    It's a very very very serious EXPLOIT.

    Why are people here not caring? I'm not spreading FUD.
    I saw the article and a LOT of people changed their mail service because of it.

    The exploit simply allows the hacker to change the Hotmail account password remotely
    without any user interaction.

    Guys, I'm reporting it, what more do I need to explain, guys!!!!!!!!!!!!!!!!!
    Why are the security people always late to respond?
     
  12. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Question about the exploit. Does it require a third-party connection? I mean, is the exploit hosted at Microsoft's own servers? If it does require a third-party connection, and if, in fact, there's danger, then all you got to do is to restrict communications to Microsoft/Hotmail's server IPs/domains.
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    There were some issues with Hotmail ads in the past. It could very well be the source; these are automatically loaded, and you don't need to click on anything. Granted, whatever could happen afterwards, could very well be prevented. I remember someone posting one of such situations some time ago, and it tried to make the user install something.
     
  15. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    No, nothing is required, it's an EXPLOIT using the email recovery option in the forgot password
    section.
    By using TamperData and manipulating the HTML requests, POST and GET stuff,
    you will be able to bypass a step and you will go to the enter new password page.

    Then the hacker will get FULL!!!! control of the account remotely.
    I sent the URL with the explanation of the exploit to Cudni so he can report it.
    I was surfing and found that thing, and from what it looks like it's not old, a couple of days late.

    Anyway, hope it gets fixed today.
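
Added example, not part of the thread and not Microsoft's code: a minimal model of a recovery flow in which the set-password step is bound to server-side proof that verification completed, shown beside a flawed handler that trusts fields in the request. The thread gives no request details, so the `ResetFlow` class and the `step`, `account` and `ticket` fields are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 900  # seconds a recovery token stays valid (assumed value)


class ResetFlow:
    """Server-side record of where each account is in the recovery flow."""

    def __init__(self):
        self._pending = {}   # account -> (sha256 of token, expiry)
        self._verified = {}  # reset ticket -> account, set only after verification
        self.passwords = {}  # account -> password (plain only to keep the demo short)

    def start(self, account, now=None):
        """Step 1: issue a token; a real service mails it to the recovery address."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[account] = (digest, now + TOKEN_TTL)
        return token

    def verify(self, account, token, now=None):
        """Step 2: exchange a valid, unexpired token for a single-use ticket."""
        now = time.time() if now is None else now
        digest, expiry = self._pending.get(account, (b"", 0.0))
        supplied = hashlib.sha256(token.encode()).digest()
        if now > expiry or not hmac.compare_digest(digest, supplied):
            return None
        del self._pending[account]
        ticket = secrets.token_urlsafe(32)
        self._verified[ticket] = account
        return ticket

    def set_password(self, form):
        """Step 3: the target account comes from the ticket, never from the form."""
        account = self._verified.pop(form.get("ticket", ""), None)
        if account is None:
            return False  # step 2 never completed for this request
        self.passwords[account] = form["new_password"]
        return True

    def set_password_trusting_client(self, form):
        """Flawed variant for contrast: believes the request's own 'step' and 'account'."""
        if form.get("step") != "verified":
            return False
        self.passwords[form["account"]] = form["new_password"]
        return True
```

The hardened handler ignores any `step` or `account` value in the form, so editing those fields in transit changes nothing; a request reaches the password change only with a ticket that the server itself issued after step 2.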
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, it's an exploit. You've said it a few times already. But, the question was: Where is the exploit hosted? Is it hosted at Microsoft's own servers?

    Even if you don't need to interact with the exploit, the exploit code still needs to get executed. So, where is the exploit code hosted?

    -edit-

    I think I'm understanding now. It's a flaw in Hotmail itself (e-mail recovery option), correct? :)
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,139
    The vulnerability is in the MS servers, I assume. It can be exploited by anyone who can access those servers ie: anyone.
     
  18. kaioo

    kaioo Registered Member

    Joined:
    Apr 23, 2012
    Posts:
    2
    Location:
    DE
    Here is the real information ;)

    The bug has been reported some days ago by Benjamin Kunz Mejri of vulnerability-lab.com & also by another unknown researcher to MSRC.

    TITLE: Microsoft MSN Hotmail - Password Reset & Setup Vulnerability
    WATCH: http://www.vulnerability-lab.com/get_content.php?id=529

    The issue has been patched to 80% by MSRC in the last 2 days. I'm only waiting till they confirm, then the information will flow to all of ya. :ninja:
     
  19. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Microsoft is aware of it and is investigating. Thanks for the report.
     
  20. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,654
    Thanks for bringing in some sanity.
     
  21. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,539
    Location:
    localhost
    :thumb: Indeed
     
  22. STONEMAN

    STONEMAN Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    98
    Location:
    London,South Of The River
    Any more news on this exploit?
    Been trying to tell people but they don't seem
    to believe it's true :rolleyes:
     
  23. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    Even I, (if I'm not a user of Wilders), won't believe it. LOL
     
  24. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I think the main problem is that, at first - at least me :D - it sounded as if Hotmail was redirecting users to some exploit. Which is why I mentioned that it happened in the past - a hijacked advertisement. Also the reason I mentioned that restricting communications only to Hotmail servers would solve it.

    I mean 0-day exploit... I usually think of exploits against the web browsers/plug-ins. :D Then, it isn't really a 0-day exploit - Microsoft seems to be aware of it for 3 days now, at least, and got most of the issue solved by now, according to kaioo.

    A title like Hotmail vulnerable and open to attacks or something more catchy, would have made it more clear... to me. :D
     
  25. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,539
    Location:
    localhost