Bugtraq mailing list archives
Re: Yet another Hotmail security hole - injecting JavaScript in
From: nick () VIRUS-L DEMON CO UK (Nick FitzGerald)
Date: Wed, 5 Jan 2000 15:58:33 +1200
Georgi Guninski security advisory #2, 2000
Yet another Hotmail security hole - injecting JavaScript in IE using <IMG DYNRC="javascript:....">

<<snip>>

It would be nice to think that while fixing the previous hole (<IMG LOWSRC="javascript:....">), one or two of the MS/Hotmail security staff might have wondered "What other parameters on this and other tags may be similarly exploitable?". Yeah, right...

I note that no browser fixes have been notified/posted yet, or is this a Hotmail-only hole (i.e. "expected behaviour" in the browser)?

Regards,
Nick FitzGerald
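The point raised in this message, that fixing one reported attribute leaves the next one open, shown as an added example that is not part of the original post or of any Hotmail code: a filter that drops only the reported attribute, next to one that keeps only known tags, attributes and URL schemes. The `ALLOWED` policy, the function names and the sample message are assumptions made for the illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this example: the only tags and attributes the mail view renders.
ALLOWED = {"img": {"src", "alt"}, "a": {"href"}, "b": set(), "p": set()}
URL_ATTRS = {"src", "href"}

def safe_url(value):
    # Strip whitespace and control characters before reading the scheme.
    cleaned = "".join(ch for ch in (value or "") if ch > " ")
    try:
        return urlsplit(cleaned).scheme.lower() in {"http", "https"}
    except ValueError:
        return False

def blocklist_keep(tag, name, value):
    """Patch-per-report filter: drops only the attribute already reported (LOWSRC)."""
    return name != "lowsrc"

def allowlist_keep(tag, name, value):
    """Keeps known tags and attributes only; URL attributes must be http(s)."""
    if tag not in ALLOWED or name is None:  # name is None for the tag-level check
        return tag in ALLOWED
    return name in ALLOWED[tag] and (name not in URL_ATTRS or safe_url(value))

class Filter(HTMLParser):
    def __init__(self, keep):
        super().__init__()
        self.keep, self.out = keep, []
    def handle_starttag(self, tag, attrs):
        if self.keep(tag, None, None):
            kept = [f'{n}="{escape(v or "")}"' for n, v in attrs if self.keep(tag, n, v)]
            self.out.append("<" + " ".join([tag] + kept) + ">")
    def handle_endtag(self, tag):
        if tag != "img" and self.keep(tag, None, None):
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(escape(data))

def render(message_html, keep):
    parser = Filter(keep)
    parser.feed(message_html)
    parser.close()
    return "".join(parser.out)

# Constructed sample message using the two attribute names quoted on this page.
SAMPLE = ('<p>hi</p><IMG SRC="http://example.test/a.gif" LOWSRC="javascript:....">'
          '<IMG DYNRC="javascript:....">')
```

`render(SAMPLE, blocklist_keep)` still emits the `dynrc` attribute with its `javascript:` value, while `render(SAMPLE, allowlist_keep)` emits only the `http` image source and a bare `<img>`.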