Bugtraq mailing list archives
Re: Yet another Hotmail security hole - injecting JavaScript in
From: JKing () GFPGROUP COM (Justin King)
Date: Wed, 5 Jan 2000 13:23:33 -0500
This is expected behavior. JavaScript can be inserted almost anywhere, and this is a good thing. As Henrik Nordstrom pointed out earlier, JavaScript might be used in this particular instance to calculate the URL of the image tag. The point of JavaScript is to add interactive functionality to all the HTML objects. Browsers recognize this, web developers do not. What "would be nice", is if someone would publish an algorithm that, to current standard specs, removes all non-permitted HTML tags, any non-permitted attributes to those tags, and any JavaScript. Any takers? -----Original Message----- From: Nick FitzGerald [mailto:nick () VIRUS-L DEMON CO UK] Sent: Tuesday, January 04, 2000 10:59 PM To: BUGTRAQ () SECURITYFOCUS COM Subject: Re: Yet another Hotmail security hole - injecting JavaScript in
Georgi Guninski security advisory #2, 2000 Yet another Hotmail security hole - injecting JavaScript in IE using <IMG DYNRC="javascript:....">
<<snip>> It would be nice to think that while fixing the previous hole (<IMG LOWSRC="javascript:....">), one or two of the MS/Hotmail security staff might have wondered "What other parameters on this and other tags may be similarly exploitable?". Yeah, right... I note that no browser fixes have been notified/posted yet, or is this a Hotmail-only hole (i.e. "expected behaviour" in the browser)? Regards, Nick FitzGerald
Current thread:
- Re: Yet another Hotmail security hole - injecting JavaScript in Justin King (Jan 05)