Bugtraq mailing list archives
SV: Serious Security Hole in Hotmail
From: james () MBOX304 SWIPNET SE (Jonathan James)
Date: Tue, 25 Aug 1998 20:14:07 +0200
Hello everybody. I studied Mr. Cervenka's e-mail and then started to experiment. There is a way to do this to a browser that has Javascripting disabled. Just put a META REFRESH tag into the htmlfile, the URL should point to the URL which contains the actual capturing and sending of the password/login. This is shown in an example below. <html> <meta http-equiv="refresh" content="1; url=the-url-that-is-to-be-pointed-to"> and so on..... Thankyou for your time. Regards Jonathan James
Current thread:
- Re: FreeBSD's RST validation, (continued)
- Re: FreeBSD's RST validation Oliver Friedrichs (Aug 31)
- SEYON vulnerability in TurboLinux 2.0 Scott Stone (Aug 30)
- Re: buffer overflow in nslookup? www.devoid.net (Aug 30)
- Re: buffer overflow in nslookup? Benjamin J Stassart (Aug 30)
- Re: buffer overflow in nslookup? Theo de Raadt (Aug 31)
- Re: buffer overflow in nslookup? Uwe Ohse (Aug 31)
- Hole in Oracle Server/Developer 2000 - authentication protocol. Yaron Yanay (Aug 31)
- Re: buffer overflow in nslookup? Willy TARREAU (Aug 31)