Isnt this the same vulnerabilitywhich was first reported on FD(almost a year ago..) ..and supposedly made FD "famous" (as regards being noticed by the press).
> I am forwarding this as it may impact people whom > depend on MSN or > passport systems for business reasons. Contrary to > what at > least one of the full-disclosure follow-ups reports, > it does work. > > D > > > ---------- Forwarded message ---------- > Date: Wed, 7 May 2003 19:50:51 -0700 (PDT) > From: Muhammad Faisal Rauf Danka > To: [EMAIL PROTECTED] > Subject: [Full-Disclosure] Hotmail & Passport (.NET > Accounts) Vulnerability > > Hotmail & Passport (.NET Accounts) Vulnerability > > There is a very serious and stupid vulnerability or > badcoding in Hotmail / > Passport�??s (.NET > Accounts) > > I tried sending emails several times to Hotmail / > Passport contact > addresses, but always met > with the NLP bots. > > I guess I don�??t need to go in details of how > cruical and important Hotmail > / Passport�??s > .NET Account passport is to anyone. > > You name it and they have it, E-Commerce, Credit > Card processing, Personal > Emails, Privacy Issues, > Corporate Espionage, maybe stalkers and what not. > > It is so simple that it is funny. > > All you got to do is hit the following in your > browser: > > https://register.passport.net/emailpwdreset.srf?lc=1033&[EMAIL PROTECTED]&id=&cb=&[EMAIL PROTECTED]&rst=1 > > And you�??ll get an email on [EMAIL PROTECTED] > asking you to click on a > url something like > this: > > http://register.passport.net/EmailPage.srf?EmailID=CD4DC30B34D9ABC6&URLNum=0&lc=1033 > > >From that url, you can reset the password and I > don�??t think I need to say > >anything more about > it. > > Vulnerability / Flaw discovered : 12th April 2003 > Vendor / Owner notified : Yes (as far as emailing > them more than 10 times is > concerned) > > > Regards > -------- > Muhammad Faisal Rauf Danka > > _________________________________________________________________ > Charla con tus amigos en l�nea mediante MSN > Messenger: > http://messenger.latam.msn.com/ ________________________________________________________________________ Yahoo! India Matrimony: Find your partner online. http://yahoo.shaadi.com/india-matrimony/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
