7:35:00 PM
Hey guys, I have some interesting news for you all. Yeah, I am going to explain a hacking trick: call your friends from their own numbers.
OK, enough of the introduction. Let us start finding out how this can be done.
There is a site named MOBIVOX (hey, don't start googling it now, I'll tell you when it's time). You have to register on that site to get started. The main highlight is, as I always say, "It's free".
Click here to get to the registration page 
 
 
Register there and log in to your account after email verification. You will get some free time (and guess what, it is more than enough to play pranks on your friends by calling their number using their number itself).
After login you will get a screen similar to the one below.
 
Now click on the "My Profile" link on the left-hand side of the same page and you will get a page similar to the one shown below.
 
Now click on the edit button to change the attacker's mobile number. Fill in the field with the target's mobile number and save it.

So let us assume that the target's mobile number is "1234567890"; give the same as your mobile number before initiating the call.

Now click on the DirectWeb call button (top right-hand side, near the "My MOBIVOX" tab).

This will fetch you a page similar to the one displayed below.
 
When you click on the Call Now button, the target mobile, here "1234567890", will receive a call from "1234567890" itself.

OK, so now you are done. Now you can play pranks on your friends. But be sure to educate them at the end of the play. Remember, sharing is caring.

So what are you waiting for? Click on this link to try it out: Register Me

NB:
  • This is a clear exploitation of the input validation vulnerability on that site.
  • The main countermeasure they can take is to send a confirmation code to the new number every time the user's mobile number is changed, and ask the user to enter it on the site to activate the new number.
  • You can call any phone in the world for free and talk using your own mobile.
  • My case studies proved that this can be further exploited when you use a disposable email ID to log in to this site. Correct me if I am wrong.
  • The prank quotient of this hack is high and the security quotient is medium.
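
The confirmation-code countermeasure from the NB list, sketched in Python as an added example (it is not MOBIVOX's code and not part of the original post). The `Account` class, the function names, the `send_sms` callback and the 5-minute / 3-attempt limits are assumptions made for illustration; the point is that a changed number stays pending and is never used as caller ID until the code sent to it comes back.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300      # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3    # wrong guesses allowed before the request is dropped (assumed)

class Account:      # hypothetical account record
    def __init__(self, verified_number):
        self.verified_number = verified_number  # only this is ever used as caller ID
        self.pending = None                     # unconfirmed change request, if any

def _digest(salt, code):
    # Store a keyed hash of the code, never the code itself.
    return hmac.new(salt, code.encode(), hashlib.sha256).digest()

def request_number_change(account, new_number, send_sms, now=None):
    """Park the new number as pending and send a one-time code to it."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"    # 6 digits from a CSPRNG
    salt = secrets.token_bytes(16)
    account.pending = {"number": new_number, "salt": salt,
                       "digest": _digest(salt, code),
                       "expires": now + CODE_TTL, "attempts": 0}
    send_sms(new_number, f"Your confirmation code is {code}")

def confirm_number_change(account, code, now=None):
    """Activate the pending number only if the code sent to it is returned."""
    now = time.time() if now is None else now
    p = account.pending
    if p is None:
        return False
    if now > p["expires"] or p["attempts"] >= MAX_ATTEMPTS:
        account.pending = None                  # expired or guessed too often
        return False
    p["attempts"] += 1
    if not hmac.compare_digest(p["digest"], _digest(p["salt"], code)):
        return False
    account.verified_number, account.pending = p["number"], None
    return True

def caller_id_for(account):
    # Outbound calls read the verified number, never the pending one.
    return account.verified_number

if __name__ == "__main__":
    outbox = []                                 # constructed stand-in for an SMS gateway
    acct = Account("5550100001")                # constructed sample number
    request_number_change(acct, "1234567890", lambda n, m: outbox.append((n, m)))
    print(caller_id_for(acct), confirm_number_change(acct, "not-the-code"))
```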
 
 
 
 
