Hacking Hotmail through XSS


3223 Posts
Location -
Joined 2005-12-17
Introduction
That Microsoft's code is not always secure is very clear again with this XSS exploit. This is not the first XSS exploit that has been found; others have been found. If you are viewing this document offline, the newest version can be found here. I am Adriaan Graas, a student who is interested in internet security and web development. I am currently 16 years old, though that would not make the exploit less effective.

Please do not mail me for hacking your ex-girlfriend's inbox. Get away, moron.

How
The idea is simple. When you are logged in to Hotmail, a cookie is created which allows you access every time you are in its domain. Since the cookie is not IP-bound (how is this possible? - Microsoft) we are able to fake the cookie, when stolen. Then use it to log in. This all means that we do not have to know the password or even the email address of the victim. Through XSS we can insert a piece of JavaScript code that will send the cookie to a web server with a log script. This can be written in PHP, ASP, CGI, practically anything you want. The cookie can be faked with Proxomitron.
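
The weakness described in the post above is a session cookie that page script can read and that the server accepts from any client. The following added example shows the server-side countermeasures; it is not code from the original post or from Hotmail, and the cookie name `sid`, the in-memory `SESSIONS` store and the sample addresses are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret (constructed here)
SESSIONS = {}                          # hypothetical store: session id -> record


def _binding(client_ip, user_agent):
    """Keyed digest of the client context the session was issued to."""
    msg = f"{client_ip}|{user_agent}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_session(user, client_ip, user_agent):
    """Create a session and return (session id, Set-Cookie header value)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "binding": _binding(client_ip, user_agent)}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["httponly"] = True      # not visible to document.cookie
    cookie["sid"]["secure"] = True        # sent over HTTPS only
    cookie["sid"]["samesite"] = "Strict"  # not attached to cross-site requests
    cookie["sid"]["path"] = "/"
    return sid, cookie["sid"].OutputString()


def validate_session(cookie_header, client_ip, user_agent):
    """Return the user name, or None if the cookie is unknown or replayed
    from a client context other than the one it was issued to."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    morsel = cookie.get("sid")
    if morsel is None:
        return None
    record = SESSIONS.get(morsel.value)
    if record is None:
        return None
    expected = _binding(client_ip, user_agent)
    if not hmac.compare_digest(record["binding"], expected):
        SESSIONS.pop(morsel.value, None)  # revoke: the value has leaked
        return None
    return record["user"]


if __name__ == "__main__":
    sid, header = issue_session("alice", "198.51.100.7", "ExampleBrowser/1.0")
    print("Set-Cookie:", header)
    print(validate_session(f"sid={sid}", "203.0.113.9", "ExampleBrowser/1.0"))
```

`HttpOnly` is the control that stops page script from reading the cookie at all; the client binding only limits reuse of a value that leaked some other way, and strict IP binding can log out users whose address changes.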


Responses to this topic



1 Posts
Location -
Joined 2009-01-09
Hello, I'm really interested in your method, but for a good reason: I want you to hack my Hotmail account because I think someone did it and I can't get in. Can you help me, please? It's because I have important contacts of family. Please help.