Saturday, August 28, 2010
Hack Hotmail using XSS exploit
Sixteen-year-old Adriaan Graas from The Netherlands informed Microsoft last week about an XSS (cross-site scripting) exploit he found in Hotmail. The exploit allows hackers to steal cookies from their victims and obtain full control over their inboxes without needing to know their passwords.
The idea is simple. When you are logged in to Hotmail, a cookie is created which grants you access every time you are in its domain. Since the cookie is not IP-bound (how is this possible? – Microsoft), we are able to fake the cookie once it is stolen, then use it to log in. This means that we do not have to know the password or even the email address.
<a href="http://www.raymond.cc/blog/archives/2006/07/07/hack-hotmail-using-xss-exploit/" >Hack Hotmail using XSS exploit</a>
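The server-side counterpart to the weakness described in the post, as an added example that is not part of the original post or of any Microsoft code: a session cookie issued with `HttpOnly` and bound to the client context seen at login, so a cookie replayed from elsewhere is rejected and revoked. The names `login`, `validate`, `SESSIONS` and `SERVER_KEY` are hypothetical, and the addresses used are constructed sample values.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for this example)
SESSIONS = {}  # session id -> binding tag; stands in for a server-side session store


def _binding(session_id, client_ip, user_agent):
    """HMAC over the session id and the client context seen at login."""
    msg = "\n".join((session_id, client_ip, user_agent)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def login(client_ip, user_agent):
    """Create a session and return (session_id, Set-Cookie header value)."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = _binding(session_id, client_ip, user_agent)
    # HttpOnly keeps the cookie out of document.cookie, so injected script
    # cannot read it; Secure keeps it off plain HTTP.
    cookie = f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"
    return session_id, cookie


def validate(session_id, client_ip, user_agent):
    """Accept the cookie only from the context it was issued to."""
    expected = SESSIONS.get(session_id)
    if expected is None:
        return False
    presented = _binding(session_id, client_ip, user_agent)
    if not hmac.compare_digest(expected, presented):
        # Context changed: treat as a replayed cookie and revoke the session.
        del SESSIONS[session_id]
        return False
    return True
```

Strict IP binding also logs out legitimate users whose address changes mid-session (mobile networks, proxies), so a deployment may prefer to require re-authentication on a context change rather than silently dropping the session.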