Bugtraq mailing list archives

SV: Serious Security Hole in Hotmail

From: james () MBOX304 SWIPNET SE (Jonathan James)
Date: Tue, 25 Aug 1998 20:14:07 +0200


Hello everybody.
I studied Mr. Cervenka's e-mail and then started to experiment.
There is a way to do this to a browser that has Javascripting disabled.
Just put a META REFRESH tag into the htmlfile, the URL should point to the
URL which contains the actual capturing and sending of the password/login.
This is shown in an example below.

<html>
<meta http-equiv="refresh" content="1;
url=the-url-that-is-to-be-pointed-to">
and so on.....

Thankyou for your time.

Regards
Jonathan James

Current thread:

Re: FreeBSD's RST validation, (continued)
- - - Re: FreeBSD's RST validation Oliver Friedrichs (Aug 31)
    - SEYON vulnerability in TurboLinux 2.0 Scott Stone (Aug 30)
    - Re: buffer overflow in nslookup? www.devoid.net (Aug 30)
    - Re: buffer overflow in nslookup? Benjamin J Stassart (Aug 30)
    - Re: buffer overflow in nslookup? Theo de Raadt (Aug 31)
    - Re: buffer overflow in nslookup? Uwe Ohse (Aug 31)
    - Hole in Oracle Server/Developer 2000 - authentication protocol. Yaron Yanay (Aug 31)
    - Re: buffer overflow in nslookup? Willy TARREAU (Aug 31)
- PTL Advisory: NetManage ZPOP v1.0 ekiM (Aug 25)
- Administrivia Aleph One (Aug 25)
- SV: Serious Security Hole in Hotmail Jonathan James (Aug 25)