Messages - jxfn

1
Hacking and Security / Re: Email website hacking
« on: March 09, 2014, 06:19:01 pm »
Unless you have a specific question you should poke around some more before just asking us how to do it ;)
So I think I understood how the process of password recovery on the website works.
I enter the username:
-> it gives me a cookie and asks me for birth date
-> I enter the correct birth date, I get another cookie and get transferred to the secret question
-> I enter the correct answer, I get a cookie and get transferred to the change password page
Before, I was able to skip the birth date page entirely, because the birth date and secret question pages used the same cookie, so I'd just send the POST parameter to the new page with the same cookie and a test answer.
I was ready to give up on this when I found something interesting: I can still access the secret question page even without giving the correct birth date, but I just don't see the question. If I answer it correctly, I get to the password change page. Basically it will be great if I can see the question again.
This is not the case for the password change page; I can't access it without the correct cookie.
I'm trying everything without any direction. It would be great if I got some pointers on what to try and check.
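
For anyone maintaining a recovery form like the one described in this post, the following is an added example (not code from the thread or from the site discussed) of keeping the step order on the server, so that a token issued for one step is rejected by every other step's handler. The class, method names and account data are hypothetical and constructed for illustration.

```python
import hmac
import secrets

STEPS = ("birth_date", "secret_answer", "change_password")

# Constructed sample account store; a real one would hold hashed answers.
ACCOUNTS = {"alice": {"birth_date": "1990-01-31", "secret_answer": "rex"}}


class RecoveryFlow:
    """Tracks recovery progress on the server, keyed by a per-step token."""

    def __init__(self, accounts):
        self.accounts = accounts
        self.sessions = {}  # token -> (username, index into STEPS)

    def _issue(self, username, step_index):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (username, step_index)
        return token

    def start(self, username):
        # Unknown usernames also get a token, so this step reveals nothing.
        return self._issue(username, 0)

    def submit(self, token, step, value):
        """Return the next step's token, or None if the request is rejected."""
        entry = self.sessions.pop(token, None)  # tokens are single use
        if entry is None:
            return None
        username, index = entry
        # The token must belong to the step being submitted: a birth-date
        # token is not accepted by the secret-answer handler.
        if STEPS[index] != step or step == "change_password":
            return None
        expected = self.accounts.get(username, {}).get(step, "")
        if not expected or not hmac.compare_digest(expected.encode(), value.encode()):
            return None
        return self._issue(username, index + 1)

    def change_password(self, token, new_password):
        entry = self.sessions.pop(token, None)
        if entry is None or STEPS[entry[1]] != "change_password":
            return False
        self.accounts[entry[0]]["password"] = new_password  # hash in real code
        return True
```

Because every token is consumed on use, a wrong or out-of-order submission ends that recovery attempt, which also makes per-account attempt limits straightforward to add.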

2
Hacking and Security / Re: Email website hacking
« on: March 07, 2014, 03:29:58 pm »
So the target uses nginx + Apache, a PHP framework and the jQuery 1.8.2 JS framework. Any idea where to go from there?

3
Hacking and Security / Email website hacking
« on: March 07, 2014, 02:16:04 pm »
So I had been exploiting an online email website (which should not be named) by abusing a bug in the password recovery forms, which allowed me to skip to the last step of the recovery by manipulating the headers. But they recently fixed it (some sort of cookie change between the recovery steps or something), so I'm forced to look for other vulnerabilities. I'm new to website hacking and the bug I found was pure luck. I'm not even sure what this vulnerability is called or how it works.
Any idea how to identify the exact software running on the website so I can start reading on it and how to exploit it? What setup are such sites typically running, and what's the easiest way of attacking them? Thanks :)
PS: I'm not using it for anything substantially wrong.
