Sla.ckers.org
Ways to stop spam, detect robotic activity, and actually harm the spam trade, as well as how it works, how to circumvent filters, etc. 
Microsoft Web Exchange
Posted by: beaule
Date: March 29, 2007 02:28AM

Maybe somebody has heard about this issue...
When I'm browsing my company's Microsoft WebExchange I see this link:

http://www.myCompany.com/exchweb/bin/redir.asp?URL=http://www.site.com
Nice phishing issue, isn't it?

1) search web exchange for company X using Google
2) search email addresses available for this company using Google (or browsing their website)
3) send to this address a phishing mail... something like
****
Hello,
please follow this link to access the new
logon web mail interface
http://www.myCompany.com/exchweb/bin/redir.asp?URL=http://www.hack.com/logon.do

Your mail administrator
*****
And retrieve logon for users (probably the same as network access logon, VOIP,...)

Re: Microsoft Web Exchange
Posted by: rsnake
Date: March 29, 2007 09:14PM

That might be interesting to abuse them but mostly that's just like any phishing attack in a lot of ways. Btw, that function is also vuln to XSS. :)

- RSnake
Gotta love it. http://ha.ckers.org

Re: Microsoft Web Exchange
Posted by: beaule
Date: March 30, 2007 03:04AM

Yes, of course, a simple phishing attack :)...
It seems that this issue is a well-known issue...
isn't it?

Re: Microsoft Web Exchange
Posted by: hackathology
Date: March 31, 2007 03:47AM

yeap.

http://hackathology.blogspot.com
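
A defensive log check for the redirector discussed in this thread, as an added example that is not part of any post: it scans IIS W3C log lines for `redir.asp` requests whose `URL=` value leaves the trusted host or carries a script scheme. The trusted host name, the function names and the sample log lines are assumptions constructed for the illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

TRUSTED_HOSTS = {"www.mycompany.com"}  # assumption: the real webmail host name(s)
REDIR_PATH = "/exchweb/bin/redir.asp"  # redirector path quoted in the thread

def classify_target(raw):
    """Classify a redir.asp URL= value as 'internal', 'external' or 'script'."""
    target = raw
    for _ in range(3):  # peel nested percent-encoding (%2568 -> %68 -> h)
        target = unquote(target)
    # Browsers ignore control characters/whitespace in a scheme and read "\" as "/".
    target = re.sub(r"[\x00-\x20]", "", target).replace("\\", "/")
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return "external"
    if parts.scheme.lower() in ("javascript", "vbscript", "data") or "<" in target:
        return "script"
    host = (parts.hostname or "").lower()
    if (parts.scheme or parts.netloc) and host not in TRUSTED_HOSTS:
        return "external"
    return "internal"

def scan_iis_log(lines):
    """Return [(client_ip, verdict)] for redir.asp hits that leave the trusted hosts."""
    fields, findings = [], []
    for line in lines:
        if line.startswith("#") or not line.strip():
            if line.startswith("#Fields:"):  # W3C header names the columns
                fields = line.split()[1:]
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != REDIR_PATH:
            continue
        for key, value in parse_qsl(row.get("cs-uri-query", ""), keep_blank_values=True):
            verdict = classify_target(value)
            if key.lower() == "url" and verdict != "internal":
                findings.append((row.get("c-ip"), verdict))
    return findings

# Constructed sample log lines (not from the thread); 192.0.2.0/24 is a documentation range.
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query
2007-03-29 02:28:01 10.0.0.5 GET /exchweb/bin/redir.asp URL=http://www.mycompany.com/help
2007-03-29 02:28:09 192.0.2.10 GET /exchweb/bin/redir.asp URL=http://www.hack.com/logon.do
2007-03-29 02:29:30 192.0.2.11 GET /Exchweb/bin/redir.asp url=%2568ttp://www.hack.com/
2007-03-29 02:30:02 192.0.2.12 GET /exchweb/bin/redir.asp URL=java%09script:void(0)
""".splitlines()
if __name__ == "__main__":
    print(scan_iis_log(SAMPLE_LOG))
```

The same `classify_target` logic can serve as an allow-list test in front of the redirector, rejecting anything that is not `internal`.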
