
Vulnerability in mail.ru mail, allowing you to change the password on any mailbox without a secret question

Mail.Ru - The Ghost Question Bug!


The vulnerability was quite serious, so I wanted to come up with a resonant name for it.
Why it got this name, you will find out below.

The other day, I decided to go back to the Primari base on mail.ru and go through the mailboxes by their secret questions again. In 2011, several hundred mailboxes were taken, and so the question arose: where to get up-to-date answers?!
Without thinking twice, I turned to a recently found trick. With it, you can find the first and last name for any mailbox registered on mail.ru. To do this, follow the link www.icq.com/download/webicq/ru, log in to ICQ, and enter the desired email address in the search.
In response, we receive the first and last name from the mailbox owner's profile, along with the date of birth and city.

On the face of it everything is fine, but parsing surnames and names with this method did not work out. Out of frustration I decided to take them from “My World”, but not all mailboxes are registered there; to be exact, not everyone has “My World”.

A few minutes later a rule was ready that turned a list with lines of the form:
user@mail.ru |
into a list of the form:
user@mail.ru| Petrov

Having parsed the resulting base and fed it into the brute-forcer, I got a few mailboxes on surnames and some on spaces! Hmm... Spaces?
Having opened the password recovery form for a random mailbox and tried to enter a space instead of an answer, I realized that a space still counts as an empty answer, and since the brute-forcer I used cannot try empty answers, I decided to create a source list with spaces! Voilà: a bunch of taken mailboxes, and among them 4 single-character ones.

But I was not happy for long. Having tried to change the password on a mailbox I liked, I saw that no secret question was set on it. Then I decided to imitate the brute-forcer's work and see why it had marked the mailbox as good. This query was built:

e.mail.ru/cgi-bin/passremind?action=answer&Username=&Domain=&Submit_PasswordAnswer=1&lang=ru_RU&answer=

, , ! .


, ... , , , , , .

, m.mail.ru - . "", :

m.mail.ru/cgi-bin/passremind?action=answer&Username=&Domain=&Submit_PasswordAnswer=1&lang=ru_RU&answer=

:


.
, , , , «».

16.02.2013, .
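
The behaviour described above (a space counting as an empty answer, and a mailbox with no secret question set still passing the check) is the kind of flaw a server-side answer check has to rule out. The sketch below is an added example, not Mail.Ru's code: the function names, the sample accounts and the assumed flawed logic in `check_answer_naive` are all hypothetical, and answers are kept in plaintext only to keep the example short.

```python
import hmac
import unicodedata
from typing import Optional

def normalize(answer: Optional[str]) -> str:
    """Canonical form: Unicode-normalized, trimmed, case-folded; None becomes ''."""
    return unicodedata.normalize("NFKC", answer or "").strip().casefold()

def check_answer_naive(stored: Optional[str], submitted: Optional[str]) -> bool:
    # Assumed flawed logic: an unset answer is treated as "", input is trimmed,
    # so " " matches every mailbox that never configured a secret question.
    return (stored or "").strip() == (submitted or "").strip()

def check_answer_hardened(stored: Optional[str], submitted: Optional[str]) -> bool:
    expected, given = normalize(stored), normalize(submitted)
    if not expected:   # no usable answer on file: this recovery path is closed
        return False
    if not given:      # empty or whitespace-only submissions never succeed
        return False
    return hmac.compare_digest(expected.encode(), given.encode())

def accounts_without_usable_answer(accounts: dict) -> list:
    """Audit helper: mailboxes whose stored answer normalizes to empty."""
    return sorted(name for name, ans in accounts.items() if not normalize(ans))

# Constructed sample data (not real accounts).
SAMPLE = {
    "alice@example.test": "Rex",
    "bob@example.test": None,      # secret question never set
    "carol@example.test": "   ",   # whitespace-only answer stored
}

if __name__ == "__main__":
    for name, stored in SAMPLE.items():
        print(name, check_answer_naive(stored, " "), check_answer_hardened(stored, " "))
    print(accounts_without_usable_answer(SAMPLE))
```

The audit helper lists the accounts that the naive comparison would open to a blank answer, which is the set to fix or exclude from question-based recovery.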

Source: https://habr.com/ru/post/176819/

