Bugtraq mailing list archives
Re: Hotmail security vulnerability - injecting JavaScript using<STYLE> tag
From: joro () NAT BG (Georgi Guninski)
Date: Wed, 15 Sep 1999 10:20:26 +0300
Olaf Titz wrote:
In article <37DCF0FE.908E4B4F () nat bg> you write:Note: This is not a browser problem, it is Hotmail's problem.It is a browser problem, at least for the Netscape version.
I continue to think this is NOT a browser problem. In both Netscape and Internet Explorer the behaviour of executing JavaScript via STYLE tag is fully documented, check the documentation. The fact that Hotmail does not filter this kind of JavaScript is a Hotmail's problem.
<P STYLE="left:expression(eval('alert(\'JavaScript is executed\');window.close()'))" >One could argue that styles can be computed via Javascript...
This definitely works, I have tried it numerous times. The same may be reproduced by: <A HREF="#" STYLE="left:(expression(...))">link</A> and in many other cases.
<STYLE TYPE="text/javascript">...but that is ridiculous. The browser should simply ignore a stylesheet of an unknown type, there is a reason for the type parameter after all. (Unless it is a deliberate feature that you can substitute STYLE for SCRIPT, which I somehow doubt.)
Again, this behaviour is fully documented in Netscape's documentation. Regards, Georgi
Current thread:
- (no subject) Mark Ultor (Sep 09)
- Re: your mail KSR[T] Contact Account (Sep 11)
- elm filter program Cornelius Krasel (Sep 12)
- Hotmail security vulnerability - injecting JavaScript using <STYLE> tag Georgi Guninski (Sep 13)
- Re: Hotmail security vulnerability - injecting JavaScript using <STYLE> tag Olaf Titz (Sep 14)
- Re: Hotmail security vulnerability - injecting JavaScript using Alan Cox (Sep 15)
- Re: Hotmail security vulnerability - injecting JavaScript using<STYLE> tag Georgi Guninski (Sep 15)
- Re: Hotmail security vulnerability - injecting JavaScript using<STYLE> tag Eivind Eklund (Sep 15)
- [support_feedback () us-support external hp com: Security Bulletins Digest] Patrick Oonk (Sep 15)
- Hotmail security vulnerability - injecting JavaScript using <STYLE> tag Georgi Guninski (Sep 13)
- Re: elm filter program Bill Pemberton (Sep 13)
- [RHSA-1999:037-01] Buffer overflow in mars_nwe Bill Nottingham (Sep 13)