Bugtraq mailing list archives

SV: Yet another major Hotmail security hole - injecting JavaScript using "javas&#67ript:"

From: Jonathan () WIN32SOFTWARE COM (Jonathan James)
Date: Wed, 22 Sep 1999 21:06:51 +0200


I tested your script on my own Hotmail account, but the execution of the Javascript failed.
I'm using Netscape Communicator 4.05.

I also tested the same script using Internet Explorer 4.0 build 4.72.3110.4 SP1, it didn't execute in IE.

Maybe Microsoft has already fixed the security hole.

Regards
Jonathan James

----------------------------------------------
"Do not fear to be eccentric in opinion, 
for every opinion now accepted was once eccentric."
-- Bertrand Russell
----------------------------------------------
Jonathan James
ICQ: 34886860
http://www.win32software.com
----------------------------------------------

Current thread:

SV: Yet another major Hotmail security hole - injecting JavaScript using "javas&#67ript:" Jonathan James (Sep 22)
- solaris DoS David Brumley (Sep 22)
- Re: Yet another major Hotmail security hole - injecting JavaScript using "javas&#67ript:" Brian Hampson (Sep 23)
  - Re: Yet another major Hotmail security hole - injectingJavaScript using "javas&#67ript:" Thomas Reinke (Sep 23)

Bugtraq mailing list archives

SV: Yet another major Hotmail security hole - injecting JavaScript using &quot;javas&#67ript:&quot;

Current thread:

SV: Yet another major Hotmail security hole - injecting JavaScript using "javas&#67ript:"