Saturday, August 28, 2010

Hack Hotmail using XSS exploit

That Microsoft’s code is not always secure is made clear once again by this XSS exploit. This is not the first XSS exploit that has been found; others have been found before.


Sixteen-year-old Adriaan Graas from the Netherlands informed Microsoft last week about an XSS (cross-site scripting) exploit he found in Hotmail. The exploit allows hackers to steal cookies from their victims and obtain full control over their inboxes without needing to know their passwords.

The idea is simple. When you are logged in to Hotmail, a cookie is created which gives you access every time you are in its domain. Since the cookie is not bound to an IP address (how is this possible? – Microsoft), we are able to fake the cookie once it has been stolen, then use it to log in. This means that we do not have to know the password or even the email address of the victim. Through XSS we can insert a piece of JavaScript code that will send the cookie to a web server with a log script. This can be written in PHP, ASP, CGI, practically anything you want. The cookie can be faked with Proxomitron.
Copying this article to your website is strictly NOT allowed. However, if you like this article, you can use the HTML code below to directly link to this article.
 
<a href="http://www.raymond.cc/blog/archives/2006/07/07/hack-hotmail-using-xss-exploit/" >Hack Hotmail using XSS exploit</a>
