bug mail 
The alternative
The alternative HOTMAIL
blogs of my friends did not remember what days earlier had seen a very striking with the name "The alternative mail bug" and now I got to try and very good results.
Let's at issue:
When we register a new email account on Hotmail, it requires a field "Alternate Email" for possible restoration password This field allows you to enter any email, whether or not there
.
Now we mentioned how to exploit this bug, we will select a target:
, enter the page maccount.live.com and have a window like the following:
Forgot your password?
then a window will have to fill 2 fields, the first target of the mail account and the second with a captcha. Something like this:
The following page will be 2 options, , depending on the information entered when creating the email account
, one of them is that we use to get total control email account target, this option is Reset your password, email .
But now, tell us why: to continue with steps to restore password, send an email to the email alternative procedure.
But what the hell, we only show the first 2 letters of alternative mail, as we do to get your entire account. Looking at the source code, you see something interesting hidden fields! and Voala! one is the alternate email account.
now have a 50% chance of seizing the original mail account, we can only hope and pray that the alternate email account is not created or are created, we hope to that downtime in this account is in a disabled state. Go to the homepage hotmail \u0026lt;
login.live.com > and try to create alternative email account obtained.
But what the hell, put my alternate email account and no, I can create that account. Now we have a 100% chance to seize the main target. We created the account, and perform the steps above to send us the following steps to the email account you just created.
Account Login we create, and look that there is a mail Password Reset Windows Live
Now we can only follow the steps,
Greetings to "
 |
| password reset option . |
then a window will have to fill 2 fields, the first target of the mail account and the second with a captcha. Something like this:
 |
| target and captcha. |
The following page will be 2 options, , depending on the information entered when creating the email account
, one of them is that we use to get total control email account target, this option is Reset your password, email .
 |
| password reset method. |
But now, tell us why: to continue with steps to restore password, send an email to the email alternative procedure.
But what the hell, we only show the first 2 letters of alternative mail, as we do to get your entire account. Looking at the source code, you see something interesting hidden fields! and Voala! one is the alternate email account.
 |
| alternative mail, through hidden fields on the form. |
now have a 50% chance of seizing the original mail account, we can only hope and pray that the alternate email account is not created or are created, we hope to that downtime in this account is in a disabled state. Go to the homepage hotmail \u0026lt;
login.live.com > and try to create alternative email account obtained.
 |
| status check alternate email account. |
But what the hell, put my alternate email account and no, I can create that account. Now we have a 100% chance to seize the main target. We created the account, and perform the steps above to send us the following steps to the email account you just created.
Account Login we create, and look that there is a mail
.
 |
| Hosting mail for password reset. |
Now we can only follow the steps,
 |
| new password for the main target. |
Greetings to "
0 comments:
Post a Comment