smtp relay check
more info
translate to ...
[1] . [2] . [3] . [4] . [5] . [6] . [7] . [8]
EyeonSecurity Forums
elfqrin swg help net security
frame4 security hacker gurus computerglitch
gotr00t b0iler hackinthebox wand products
adv-knowledge rootshell wbglinks
Copyright © 2001,2002 eyeonsecurity Inc., All Rights Reserved. No portions of eyeonsecurity may be used without express, written permission

Microsoft Passport Account Hijack Attack

An analysis of one attack on Microsoft (now .NET) Passport - Cross Site scripting. This document describes an obvious flaw in the security of this system and how an attacker can proceed to exploit such a flaw to gain access to other user's accounts. This paper covers the following points:
- An introduction to Web Applications and the underlying authentication schemes and concepts
- Description of the idea behind Microsoft Passport
- How Microsoft Passport actually works and how to use that knowledge to gain unauthorised access.
  How to go about exploiting Cross site scripting
- Bypassing countermeasures for Cross site scripting
- An actual exploit scenario

Download Paper (need pdf view eg. acrobat reader)
View online version
Old version (online)