httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@cp.net
Subject Re: (hotmail hacked) (hotmails runs apache)
Date Mon, 30 Aug 1999 19:36:51 GMT
tser wrote:
> 
> Hi,
> 
> Does anybody know the tech details in the hotmail hack ?
> What i could make up from all the blabla floating around was
> that it was a programing error on the cgi interface.
> 
> Afterall they used apache there, and not iis,
> so there web server should have been safe.

It isn't a stack smashing attack to get a root shell or anything.  It is
bone-headed programming on the part of their application writers.  They
implemented a new "Microsoft Passport" system that allows you to access
multiple Microsoft services with a single login.  They wrote the system
such that passing the fields "user" and "pass" in the query string
allows you to access user's mailbox even if pass is not the correct
password.

At this time it looks like they have taken their service offline, but
you can see how simple the attack is at http://lagparty.org/hotmail

Cheers,
Jeffrey
-- 
Jeffrey W. Baker * jwb@cp.net
Critical Path, Inc. * we handle the world's email * www.cp.net
415.808.8807

Mime
View raw message