Dror Shalev - Hotmail & Passport (.NET Accounts) MyMSN Vulnerability

Hotmail & Passport MyMSN Vulnerability
unbelievable thing:
http://www.hotmail.msn.com/cgi-bin/mymsn/mymsn.js?msgcount=10&a=12

and :
http://t.msn.com/en-us/default.aspx?ver=7.0.0777&did=1

allow direct access to Hotmail inbox
via My MSN custom home page

the victim must have
live session cookie.

Try it

Dror shalev 21-4-2205