0day Exploit in Hotmail

Discussion in 'other security issues & news' started by Ranget, Apr 23, 2012.

  1. Ranget

    Ranget Registered Member

    Hi guys, just read about a 0day exploit in Hotmail
    that leads to you losing your account permanently by tampering data
    in the Recover Password page.
    Any news about that?
  2. m00nbl00d

    m00nbl00d Registered Member

    Do you mean it happened very recently? Where have you read it?

    Something similar happened in the past, though; judging by a quick search.
  3. Ranget

    Ranget Registered Member

    Something like Friday or something. I also have a tut page on how to exploit it.
    It's a very easy exploit :/

    Wonder if it did get fixed.

    I read it on an underground site.
    I can give a link to a Microsoft employee to fix this if it's still active.
    Do you know anyone here in the forum?
  4. funkydude

    funkydude Registered Member

    This sounds like back in the day with the rise of websites that asked you to type in your password and they "told" you who has blocked you :x
  5. Ranget

    Ranget Registered Member

    Nope, all the work can be done in the main Live.com or hotmail.com site.
  6. TheKid7

    TheKid7 Registered Member

    How does the exploit work? Does it come from a malicious advertisement loading?
  7. Ranget

    Ranget Registered Member

    Nope, you can do it using the Tamper Data addon.
  8. Ranget

    Ranget Registered Member

    It's a confirmed exploit, it spread so fast.
    It's being used by some gov to spy on activists anyway.
    Where do I report such an exploit to Microsoft?

  9. STONEMAN

    STONEMAN Registered Member

    My Hotmail account got hit Friday, lucky for me there wasn't much in the account.
    Opened a new email account elsewhere, changed all passwords (shopping, PayPal, router etc.), don't use Facebook or Twitter. No money gone from bank as I don't do online banking. Also installed KeePass just in case and TrueCrypt for a few files. Also ran some on-demand scans which were clean.

  10. STONEMAN

    STONEMAN Registered Member

    Just an update,
    I may have this wrong but just read that you had to
    open an email and click the URL to get this to work.
    Strange really as I never open unknown mail or follow links. o_O
  11. Ranget

    Ranget Registered Member

    This hack will allow the hacker to change the mail password without any user interaction,
    which is a totally remote exploit !!!!!!

    It's a very very very serious EXPLOIT.

    Why are people here not caring? I'm not spreading FUD.
    I saw the article and a LOT of people changed their mail service because of it.

    The exploit simply allows the hacker to change the Hotmail account password remotely
    without any user interaction.

    Guys, I'm reporting it, what more is there to explain, guys !!!!!!!!!!!!!!!!!
    Why are the security people always late to respond?
  12. Cudni

    Cudni Global Moderator

  13. m00nbl00d

    m00nbl00d Registered Member

    Question about the exploit. Does it require a third-party connection? I mean, is the exploit hosted at Microsoft's own servers? If it does require a third-party connection, and if, in fact, there's danger, then all you got to do is to restrict communications to Microsoft/Hotmail's server IPs/domains.
  14. m00nbl00d

    m00nbl00d Registered Member

    There were some issues with Hotmail ads in the past. It could very well be the source; these are automatically loaded, and you don't need to click on anything. Granted, whatever could happen afterwards could very well be prevented. I remember someone posting one of such situations some time ago, and it tried to make the user install something.
  15. Ranget

    Ranget Registered Member

    No, nothing is required. It's an EXPLOIT using the email recovery option in forgot password.
    By using TamperData and manipulating the HTML requests, POST and GET stuff,
    you will be able to bypass a step and you will go to the enter new password page.

    Then the hacker will get FULL!!!! control of the account remotely.
    I sent the URL with the explanation of the exploit to Cudni so he can report it.
    I was surfing and found that thing, and from what it looks like it's not old, a couple of days late.

    Anyway, hope it gets fixed today.
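
Added example, not part of the thread or any poster's words, and not Hotmail's code: a constructed Python sketch of the class of flaw described in post 15 (a recovery flow in which an edited request skips the verification step), beside a handler that re-checks that step on the server. All names, form fields and the in-memory stores are hypothetical.

```python
import hmac
import secrets

# Constructed in-memory stores standing in for a real database (hypothetical).
PASSWORDS = {"alice@example.test": "old-secret"}
PENDING = {}  # account -> one-time recovery code delivered out of band

def start_recovery(account):
    """Step 1: issue a one-time code (returned here only so the demo can use it)."""
    code = secrets.token_urlsafe(16)
    PENDING[account] = code
    return code

def set_password_vulnerable(form):
    """Trusts a client-supplied 'verified' flag, so an edited request skips step 2."""
    if form.get("verified") == "1":
        PASSWORDS[form["account"]] = form["new_password"]
        return True
    return False

def set_password_hardened(form):
    """Re-checks the one-time code server-side and ignores client-supplied flags."""
    account = form.get("account", "")
    expected = PENDING.get(account)
    supplied = form.get("code", "")
    if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    del PENDING[account]  # the code is single use
    PASSWORDS[account] = form["new_password"]
    return True

def demo():
    acct = "alice@example.test"
    # Constructed request in which the client claims verification already happened.
    tampered = {"account": acct, "new_password": "set-by-edited-request", "verified": "1"}
    results = {"vulnerable_accepts_tampered": set_password_vulnerable(tampered)}
    PASSWORDS[acct] = "old-secret"  # restore state before the hardened run
    code = start_recovery(acct)
    results["hardened_rejects_tampered"] = not set_password_hardened(tampered)
    results["hardened_accepts_valid"] = set_password_hardened(
        {"account": acct, "new_password": "new-secret", "code": code})
    results["code_is_single_use"] = not set_password_hardened(
        {"account": acct, "new_password": "again", "code": code})
    return results

if __name__ == "__main__":
    print(demo())
```

The hardened handler decides from server-held state only, so nothing the client sends can mark the verification step as done.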
  16. m00nbl00d

    m00nbl00d Registered Member

    Yes, it's an exploit. You've said it a few times already. But, the question was: Where is the exploit hosted? Is it hosted at Microsoft's own servers?

    Even if you don't need to interact with the exploit, the exploit code still needs to get executed. So, where is the exploit code hosted?


    I think I'm understanding now. It's a flaw in Hotmail itself (e-mail recovery option), correct? :)
  17. Hungry Man

    Hungry Man Registered Member

    The vulnerability is in the MS servers, I assume. It can be exploited by anyone who can access those servers, i.e. anyone.
  18. kaioo

    kaioo Registered Member

    Here is the real information ;)

    The bug was reported some days ago by Benjamin Kunz Mejri of vulnerability-lab.com & also by another unknown researcher to MSRC.

    TITLE: Microsoft MSN Hotmail - Password Reset & Setup Vulnerability
    WATCH: http://www.vulnerability-lab.com/get_content.php?id=529

    The issue has been patched to 80% by MSRC in the last 2 days. I'm only waiting till they confirm, then the information will flow to all of ya. :ninja:
  19. Cudni

    Cudni Global Moderator

    Microsoft is aware of it and is investigating. Thanks for the report.
  20. funkydude

    funkydude Registered Member

    Thanks for bringing in some sanity.
  21. fax

    fax Registered Member

    :thumb: Indeed

  22. STONEMAN

    STONEMAN Registered Member

    Any more news on this exploit?
    Been trying to tell people but they don't seem
    to believe it's true :rolleyes:
  23. kupo

    kupo Registered Member

    Even I, (if I'm not a user of Wilders), won't believe it. LOL
  24. m00nbl00d

    m00nbl00d Registered Member

    I think the main problem is that, at first - at least to me :D - it sounded as if Hotmail was redirecting users to some exploit. Which is why I mentioned that it happened in the past - a hijacked advertisement. Also the reason I mentioned that restricting communications only to Hotmail servers would solve it.

    I mean 0-day exploit... I usually think of exploits against the web browsers/plug-ins. :D Then, it isn't really a 0-day exploit - Microsoft seems to have been aware of it for 3 days now, at least, and got most of the issue solved by now, according to kaioo.

    A title like Hotmail vulnerable and open to attacks or something more catchy, would have made it more clear... to me. :D
  25. fax

    fax Registered Member

