Bugtraq mailing list archives

Re: Hotmail security hole - injecting JavaScript using <IMG LOWSRC="javascript:....">

From: nl () CT HEISE DE (Norbert Luckhardt)
Date: Tue, 4 Jan 2000 10:35:40 +0100


-----BEGIN PGP SIGNED MESSAGE-----

Hello out there,

At 14:34 03.01.00 , Georgi Guninski wrote:

Georgi Guninski security advisory #1, 2000

Hotmail security hole - injecting JavaScript using <IMG
LOWSRC="javascript:....">

...

Workaround: Disable JavaScript


this is a good security hint - but no workaround for hotmail users. hotmail
(perhaps only the MS passport service) needs javascript - without it you
only get the following message:

Sign In Access Error
JavaScript required. The browser that you are using does not support
JavaScript, or you may have
disabled JavaScript.

have secure fun, Shalom dann,
NOrbert

- --
Norbert Luckhardt   http://www.heise.de/ct/Redaktion/nl/
Redaktion c't       Tel.: +49 511 5352 - 300    Fax: +49 511 5352 - 417
Helstorfer Str. 7   D-30625 Hannover            BBS: +49 511 5352 - 301

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2

iQCVAwUBOHGw3DYMsgdcZ8mpAQFlPwQAooduvRAD24bS85Nh57pUzjQI0ODixpt2
JdZN7LedvWn87ZLDggkQ3c9/NAz7VnPRC40RUjjNWeapED0AMwp+VZdJq3doGOPo
LDvmWAQUGX2mWI38rJ196fjlK7mUZoICU/JFDt9gbABF9g/+gk+aXCasmYv+kxqt
rFfIU07E5Jc=
=WAgc
-----END PGP SIGNATURE-----

Current thread:

Hotmail security hole - injecting JavaScript using <IMG LOWSRC="javascript:...."> Georgi Guninski (Jan 03)
- Re: Hotmail security hole - injecting JavaScript using <IMG LOWSRC="javascript:...."> Norbert Luckhardt (Jan 04)

Bugtraq mailing list archives

Re: Hotmail security hole - injecting JavaScript using <IMG LOWSRC=&quot;javascript:....&quot;>

Current thread:

Re: Hotmail security hole - injecting JavaScript using <IMG LOWSRC="javascript:....">