Friday, December 22, 2006

How do hackers hack Hotmail accounts?

Peace be upon you

Some people I talked to before were wondering, "How do hackers change their Hotmail accounts?"
Simply, I will explain how this thing works, but I will not tell you how to do it :D because it's so evil. Anyway, let's begin.

First of all, the hacker depends on a famous error that no "Web Developer" should fall into. This error is called XSS, or Cross-Site Scripting. Cross-site scripting is a little problem that enables anyone to change something in the page content through the query string that is passed between the web pages of a site. This is the first thing that a hacker looks for on sites like "MSN" and "Hotmail".
The next stage is "stealing your session ID". But what is the session ID? The session ID is something that enables the server to know that you are you :D. Put another way, this session ID holds a key: when you request something from the server, the server checks something like a table and gets the rest of your information by it.
What is the problem, then? The problem is that this session ID is stored in cookies, which means that anyone can get it, and it's so simple (check this topic, which I wrote before: http://www.codeproject.com/useritems/externalmenuArgument.asp). After that, the hacker sends you something so normal that you will never doubt it: a link that redirects you to a page that has the "XSS" problem and that contains a small script that takes your session ID and sends it to another site.
Now the hacker has your session ID, but how will he use it? Simply: did you use the Opera browser before? This is the simplest way. He will use Opera to change his/her session ID so that it appears to Hotmail or MSN that he/she is you. After that, another trick enables him/her to change your email password; it depends on the same issue.
How to protect yourself? It's a little tough, but you have to do it:
Don't open any link by just clicking on it; copy it and open it in another browser.
The other way, which is tougher, is to disable JavaScript in the browser.
The last note is to sign out after you do what you want to in your email account.
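
The steps above protect the user; on the site's side, the two weaknesses this post describes (page content changed through the query string, and a session ID that a page script can read from cookies) are closed by encoding the query-string value before it is written into the page and by marking the session cookie HttpOnly. The following is an added example, not code from this post or from Hotmail/MSN; the function names, the `name` parameter and the `sid` cookie name are hypothetical, and the sample input is constructed.

```javascript
// Added example (not from the original post). All names are hypothetical.

// Escape the five characters that let text break out of HTML content
// or out of a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Weak form: the query-string value is written into the page as-is,
// so markup carried in the link becomes part of the page content.
function renderGreetingUnsafe(queryString) {
  const name = new URLSearchParams(queryString).get('name') ?? '';
  return `<p>Hello, ${name}</p>`;
}

// Hardened form: the same value is encoded before it reaches the page.
function renderGreetingSafe(queryString) {
  const name = new URLSearchParams(queryString).get('name') ?? '';
  return `<p>Hello, ${escapeHtml(name)}</p>`;
}

// Session cookie header. HttpOnly hides the cookie from page scripts
// (document.cookie), Secure limits it to HTTPS, and SameSite=Lax keeps
// it off most cross-site requests.
function sessionCookieHeader(sessionId) {
  if (!/^[A-Za-z0-9_-]{16,}$/.test(sessionId)) {
    throw new Error('unexpected session id format');
  }
  return `Set-Cookie: sid=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed input: a link whose "name" parameter carries markup.
const SAMPLE_QUERY = 'name=' + encodeURIComponent('<script>alert(1)</script>');

function demo() {
  return {
    unsafe: renderGreetingUnsafe(SAMPLE_QUERY),
    safe: renderGreetingSafe(SAMPLE_QUERY),
    cookie: sessionCookieHeader('c0nstructedSampleId_0001'), // constructed ID
  };
}

console.log(demo());
```

In the hardened output the markup arrives as visible text instead of a script element, and a script that did run in the page could not read a cookie sent with HttpOnly.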

I hope it really helps. If you find anything wrong, please post a comment; we are all seeking to learn :)
Thanks for your time reading it :)

3 comments:

Ahmed Essam said...

elSalmao Alikum
Dear Ahmed, thanks for the nice article. You're mentioning something that already happened to me. It is a simple page with a client-side script, which could be XSS as you mentioned, but anyway they kept the session ID, and then they can get access EVERY TIME to the email "Hotmail". I even challenged the guy to change the account password after I changed it, and still he can get access to it somehow and change it again and again!... weird,…

Anyway, in your previous post you mentioned the session ID, and I was wondering what you mean by session ID. Do you mean this long query string sent in the Hotmail page URLs, or is this a session ID created by the browser itself?

Because I don't understand what the relation is with any link that could be sent using MSN itself. When I open the link ("click the link directly") it will open up the associated program of that link, which is IE (Internet Explorer), meaning it will execute the URL ("shellExecute API") and the browser will "navigate" to the given URL? What is wrong with that?

Another question,… XSS can give you access to the information from the DOM of the HTML object or maybe any element, but what is the type of information that would be used to let another user get access to the Hotmail email? I don't think it is the URL? If I give you the link of my INBOX once I have logged in, you will not be able to view the link unless you pass the authentication first!?

Thanks
Jazakum Allahu Khayran
Your friend "Mohamed Shehata "a.k.a "S|M|O|K|E"

Rajab Natshah said...
This comment has been removed by the author.

Ahmed Essam said...

Dear my brother Ragab,

This problem will happen with any operating system.
This problem can only be solved by the application developer; they should take much care about validation of the incoming data.
To solve such a problem (don't ever trust that anything coming to you is the right thing).

I hope you got my point :)