Bugtraq mailing list archives
hotmail css/div exploit: new version
From: gregory duchemin <c3rb3r () HOTMAIL COM>
Date: Tue, 30 Jan 2001 15:16:29 -0000
hello,

the last exploit was broken with msie 5.50, in fact the background image didn't appear at all, anyway it was a bad idea to use it. So i decided to learn a bit more about css and this is a new version that will work with msie 4/5/5.50. The background color is now fixed as a blank value (#ffffff) in the div class (thus deleting one useless connection). The mail folders navigator input form that buggily appeared on the top layer was fixed too by playing with its properties (select{ visibility:hidden}). The scrollbar at the bottom was reduced with the help of the class width parameter. U will have to choose it according to the screen res of the trojan receiver, if u don't know ( u should ;) ), just take a big value.

But this exploit isn't absolutely perfect, we still have this advertising iframe at the top middle and since we can't use javascript to modify its properties, i have no more ideas, at least for now. This iframe tag is really interesting but already filtered by hotmail and yahoo, maybe in some cross-vulnerable sites list that was diffused here some weeks ago. Anyway it would be much more than necessary to recover most of hotmail 74 millions mailboxes passwords. it would.

herewith u will find the exploit, just copy it (ctrl-c/v) in a mail to YOUR OWN hotmail account.

NOTE: To work properly, the message MUST BEGIN with the html tag (nothing above).
NOTE2: don't send it to me ;) and again, Don't use it for any malicious activity.

Have a nice day

===============
Gregory Duchemin - Security Consultant - NEUROCOM CANADA
1001 bd Maisonneuve Ouest - suite 200
H3A 3C8 Montreal - Quebec - CANADA
c3rb3r () hotmail com
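
Added example (not part of the original post, and not Hotmail's code): the mitigation side of what the post describes, a webmail renderer removing message-supplied CSS before placing the body inside its own page, so that a rule such as select{ visibility:hidden} cannot restyle the mail client's interface. The class name, function name and sample message are assumptions constructed for illustration; it covers only this styling case and is not a complete HTML sanitizer.

```python
from html import escape
from html.parser import HTMLParser

# Elements dropped together with their content: document-wide CSS, script, frames.
DROP_WITH_CONTENT = {"style", "script", "iframe"}
# Attributes that define styling or bind the markup to the host page's own CSS.
DROP_ATTRS = {"style", "class", "id"}

class MailBodySanitizer(HTMLParser):  # hypothetical name
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.removed, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self._skip += 1                    # suppress everything up to the end tag
            self.removed.append(f"<{tag}>")
            return
        if self._skip:
            return
        kept = []
        for name, value in attrs:
            if name in DROP_ATTRS or name.startswith("on"):
                self.removed.append(f"{tag}@{name}")
            else:
                kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self._skip = max(0, self._skip - 1)
        elif not self._skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:                     # text inside <style> etc. is discarded
            self.out.append(escape(data, quote=False))

def sanitize(html_body):
    """Return (cleaned_html, list_of_removed_items) for one message body."""
    parser = MailBodySanitizer()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.removed

# Constructed sample: a global element rule plus an oversized styled div.
SAMPLE = ('<html><style>select{ visibility:hidden}</style>'
          '<div class="x" style="width:2000px">Hello <b>world</b></div></html>')

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

The removed list can be logged per message, which gives a detection signal for mail that tries to style elements outside its own body.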