Bugtraq mailing list archives
RE: XSS bug in hotmail login page
From: Thor Larholm <Thor () jubii dk>
Date: Mon, 7 Oct 2002 17:57:24 +0200
From: Peter Rdam [mailto:hell () weedmail com] They didnt reacted, and im pretty curious about what is possible with the bug. And i actually hope that someone can tell me about it and maybe Microsoft will do something about it..
It's very simple, you can inject arbitrary scripting to be executed by the user in the context of hotmail. This means that you can e.g. steal his cookies or, if he's logged in, write emails from his account, delete his mails and change his password. Regards Thor Larholm Jubii A/S - Internet Programmer
Current thread:
- XSS bug in hotmail login page Peter Rdam (Oct 07)
- <Possible follow-ups>
- RE: XSS bug in hotmail login page Thor Larholm (Oct 07)
- RE: XSS bug in hotmail login page Russell Harding (Oct 08)
- Re: XSS bug in hotmail login page Inderjeet S Sodhi (Oct 09)
- RE: XSS bug in hotmail login page Russell Harding (Oct 08)
- RE: XSS bug in hotmail login page Thor Larholm (Oct 08)
- Re: XSS bug in hotmail login page Muhammad Faisal Rauf Danka (Oct 08)
- Re: XSS bug in hotmail login page Berend-Jan Wever (Oct 08)