There are different ways of stealing cookies, which we will discuss below. In May 2012, another Indian security researcher, Rishi Narang, claimed a similar vulnerability in the LinkedIn website.
Step 2: Open another browser, or any other system, where you have a cookie importer to import cookies. Select the file exported in the last step and import it.
If someone has physical access, he can do many more things, so why just steal cookies? Because once the attacker has the cookies, he can reuse them again and again for re-authentication, even after the victim logs out of the session from his end any number of times. So there is no chance that the victim will ever come to know that his account is compromised.
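The reuse-after-logout behaviour described above depends on whether logout invalidates anything on the server. The following is an added example, not code from this article or from Microsoft; the class names, the `alice` account and both cookie formats are assumptions made for illustration. It contrasts a logout that only clears the browser's cookie with one that revokes the session server-side.

```python
import hashlib, hmac, secrets

KEY = secrets.token_bytes(32)  # demo signing key (constructed)

def _mac(user):
    return hmac.new(KEY, user.encode(), hashlib.sha256).hexdigest()

class CookieOnlyLogout:
    """Weak: the cookie validates itself, so the server has nothing to revoke."""
    def login(self, user):
        return f"{user}.{_mac(user)}"          # value sent in Set-Cookie
    def logout(self, cookie):
        return "session=; Max-Age=0"           # clears the browser copy only
    def authenticate(self, cookie):
        user, _, mac = cookie.rpartition(".")
        ok = hmac.compare_digest(mac.encode(), _mac(user).encode())
        return user if ok else None

class RevokingLogout:
    """Hardened: the cookie is a random id that is valid only while stored."""
    def __init__(self):
        self._sessions = {}                    # session id -> user
    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = user
        return sid
    def logout(self, cookie):
        self._sessions.pop(cookie, None)       # id is now dead for every copy
        return "session=; Max-Age=0"
    def logout_everywhere(self, user):
        # Revoke all sessions of an account, e.g. after a password change.
        self._sessions = {s: u for s, u in self._sessions.items() if u != user}
    def authenticate(self, cookie):
        return self._sessions.get(cookie)

def replay_after_logout(server):
    """Identity that a copied cookie still maps to after its owner logs out."""
    cookie = server.login("alice")             # constructed sample account
    copied = cookie                            # stands in for an exported cookie
    server.logout(cookie)
    return server.authenticate(copied)

if __name__ == "__main__":
    print("cookie-only logout:", replay_after_logout(CookieOnlyLogout()))
    print("revoking logout   :", replay_after_logout(RevokingLogout()))
```

With the revoking design, a copied cookie stops working the moment its owner logs out, and `logout_everywhere` gives the account owner a way to end sessions they cannot see.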
So if someone finds an XSS vulnerability in Hotmail or Outlook in the future, he will be able to steal cookies by crafting malicious links. In this method, the combination of a cross-site scripting vulnerability and the cookie handling vulnerability will lead to hijacking of Hotmail and Outlook accounts.
For example, just a few days back, an unknown hacker was selling an exploit for $700 that allows individuals to hijack a Yahoo! email account. In that case the hacker was using a cross-site scripting flaw in one of the domains of the Yahoo website.
4.) Malware and Stealers (Success Rate - 100%): The victim's PC can be hacked using an auto cookie-stealing malware (that is currently under beta testing by the team), or any RAT tool can allow an attacker to get your cookies remotely.
Vulnerability Reported - 11 Nov 2012
Reply from vendor - 12 Dec 2012
Vulnerability Public Disclosure - 14 Dec 2012
We hope Microsoft will take the issue seriously and fix it as soon as possible!