 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Get a @whateveryouwant with this sql injection at msn |
 |
 Posted: Sat Nov 11, 2006 7:03 pm |
 |
|
| ToXiC |
| Moderator |
 |
|
| Joined: Dec 01, 2004 |
| Posts: 181 |
| Location: Cyprus |
|
|
 |
|
 |
|
1. Goto http://get.live.com/getlive/overview to start registering your windows live account.
2. Press the sign-up button and you will be presented a form to sign up for a hotmail account.
3.Copy the following javascript injection code:
| Code: | | javascript:function r(q){} function s(q){e[q] = new Option(a[q],a[q])}; r(e = document.getElementById("idomain").options);r(d="live.");r(a = new Array("hotmail.com","hotmail.co.uk","msn.com",d+"com",d+"com.au",d+"be",d+"ca",d+"co.uk",d+"de",d+"fr",d+"it"/*csthis.com*/,d+"nl")); for (i=0;i<a.length;i++){ s(i ) }alert("Success - additional domains added!"); |
4. Paste the code in your address bar (you know, that thing you normally type www.warxe.us).
5. Hit enter, if all went well it should show a message box telling you "Success - additional domains added!".
6.Now you can select a multitude of domains, fill out the form and you are ready to go! |
|
_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
|
|
|
|
| Posted: Wed Nov 22, 2006 1:50 am |
|
|
| ToXiC |
| Moderator |
|
|
| Joined: Dec 01, 2004 |
| Posts: 181 |
| Location: Cyprus |
|
|
|
|
|
|
check this out also ..
| Code: | | javascript:function r(q){} function s(q){e[q] = new Option(a[q],a[q])}; r(e = document.getElementById("idomain").options);r(d="toxic.");r(a = new Array("hotmail.com","waraxe.us","nasa.gov","fbi.gov","iknowwhatyoudidlastsummer.info",d+"com",d+"com.au",d+"be",d+"ca",d+"co.uk",d+"de",d+"fr",d+"it"/*csthis.com*/,d+"nl")); for (i=0;i<a.length;i++){ s(i ) }alert("Success - additional domains added! thanx to waraxe community!"); |
use it wisely |
|
_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
| Posted: Wed Nov 22, 2006 3:11 pm |
|
|
| Soupsportz |
| Regular user |
 |
|
| Joined: Nov 12, 2006 |
| Posts: 9 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Wed Nov 22, 2006 4:30 pm |
|
|
| Shaggy |
| Regular user |
|
|
| Joined: Nov 19, 2006 |
| Posts: 17 |
|
|
|
|
|
|
|
| Soupsportz wrote: | | Is it possible to actually use the mail? I want to scare some people with internet-crime@fbi.gov |
Nope, it sends the conformation email to whatever domain you choose but lets you sign into msn under that email address provided its not being used for msn already.
Bit of fun, not very usefull though. |
|
|
|
|
|
|
|
|
| Posted: Wed Nov 22, 2006 7:45 pm |
|
|
| ToXiC |
| Moderator |
|
|
| Joined: Dec 01, 2004 |
| Posts: 181 |
| Location: Cyprus |
|
|
|
|
|
|
| Shaggy wrote: | | Soupsportz wrote: | | Is it possible to actually use the mail? I want to scare some people with internet-crime@fbi.gov |
Nope, it sends the conformation email to whatever domain you choose but lets you sign into msn under that email address provided its not being used for msn already.
Bit of fun, not very usefull though. |
hmmm i dont know .. i found it usefull because live site is very badly programmed ...
there is also a way to "apper" to be verified
| Code: | | https://account.live.com/MessagePage.aspx?lc=1033&message=SIconfirmed¶m=toxic@nasa.gov |
ok not functional ... you can also use url encoding to do more funny stuff
| Code: | | https://account.live.com/MessagePage.aspx?lc=1033&message=SIconfirmed¶m=%68%65%6C%6C%6F%20%68%6F%77%20%61%72%65%20%79%6F%75%20%2E%2E%20%77%61%72%61%78%65%2E%75%73 |
i dont know.. if anyone finds a way to verify the email .. share it
still Not very usefull ? |
|
_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
|
|
|
|
| Posted: Wed Nov 22, 2006 7:58 pm |
|
|
| ToXiC |
| Moderator |
|
|
| Joined: Dec 01, 2004 |
| Posts: 181 |
| Location: Cyprus |
|
|
|
|
|
|
| Soupsportz wrote: | | Is it possible to actually use the mail? I want to scare some people with internet-crime@fbi.gov |
you can easily send anonymous mail if you want to scare people.. but thats another story |
|
_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
| Posted: Thu Nov 23, 2006 12:07 am |
|
|
| slimjim100 |
| Valuable expert |
 |
|
| Joined: Jun 09, 2004 |
| Posts: 208 |
| Location: USA |
|
|
|
|
|
|
ToXiC Great work!!!! Thanks for sharing with all of us!
Slimjim100 |
|
|
|
|
| Posted: Sun Jul 15, 2007 4:34 pm |
|
|
| Cablekid |
| Advanced user |
|
|
| Joined: Jul 14, 2007 |
| Posts: 85 |
|
|
|
|
|
|
|
CRAZY 
Anyone figure out how to confirm email? |
|
|
|
|
| Posted: Mon Jul 16, 2007 12:21 am |
|
|
| blaxenet |
| Active user |
|
|
| Joined: Jun 20, 2007 |
| Posts: 26 |
|
|
|
|
|
|
|
Without going to the trouble of using this exploit there is another simple way.
Just go to www.passport.net and click the signup link.
Enter in some bogus details and the email address is yours.
I don't think there is any known methods for confirming the email address. |
|
_________________
Blaxenet |
|
|
|
| Posted: Mon Jul 16, 2007 2:29 am |
|
|
| mainstream |
| Regular user |
|
|
| Joined: Sep 04, 2006 |
| Posts: 18 |
|
|
|
|
|
|
|
well all goes good till you submit and get this error
| Code: | We are working to fix a temporary problem with our sign-up service.
Please try again.
Error code: 32
|
|
|
|
|
|
| Posted: Mon Jul 16, 2007 3:21 am |
|
|
| Cablekid |
| Advanced user |
|
|
| Joined: Jul 14, 2007 |
| Posts: 85 |
|
|
|
|
|
|
|
| Ya just wait about an hour and retry i just registered a new account |
|
|
|
|
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 98
Members: 0
Total: 98
