Bugtraq mailing list archives

hotmail css/div exploit: new version


From: gregory duchemin <c3rb3r () HOTMAIL COM>
Date: Tue, 30 Jan 2001 15:16:29 -0000


hello,

the last exploit was broken with msie 5.50, in fact the background
image didn't appear at all, anyway it was a bad idea to use it.
So i decided to learn a bit more about css and this is a new version
that will work with msie 4/5/5.50, the background color is now fixed as a
blank value (#ffffff) into the div class (thus deleting one useless
connection)

The mail folders navigator input form that buggily appeared on the top layer
was fixed too by playing with its properties (select{ visibility:hidden}).

The scrollbar at the bottom was reduced with the help of the class width
parameter. U will have to choose it according to the screen res of the
trojan receiver, if u don't know ( u should ;) ), just take a big value.

But this exploit isn't absolutely perfect, we have still this advertising
iframe at the top middle and since we can't use javascript to modify its
properties, i have no more idea at least for now.
This iframe tag is really interesting but already filtered by hotmail and
yahoo, may be in some cross-vulnerable sites list that was diffused here
some weeks ago.

Anyway it would be much more than necessary to recover most of hotmail 74
millions mailboxes passwords. it would.

herewith u will find the exploit, just copy it (ctrl-c/v) in a mail to YOUR
OWN hotmail account.
NOTE: To work properly, the message MUST BEGIN with the html tag (nothing
above).
NOTE2: don't send it to me ;)
and again,

Don't use it for any malicious activity.



Have a nice day

===============
Gregory Duchemin  - Security Consultant -
NEUROCOM CANADA
1001 bd Maisonneuve Ouest - suite 200
H3A 3C8 Montreal - Quebec - CANADA
c3rb3r () hotmail com
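
A check a webmail sanitizer could run against the kind of message described above, as an added example that is not part of the original post: it flags CSS in a mail body that reaches outside the message (a bare element selector such as `select`), hides elements, or sets an oversized fixed width. The names `audit_mail_css` and `StyleCollector`, the `MAX_WIDTH_PX` threshold and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample: a mail body whose <style> block carries the two rule
# kinds the post describes (a bare `select` rule and a wide, opaque div class).
SAMPLE = ("<html><style>select{ visibility:hidden} "
          ".cover{background-color:#ffffff; width:2000px}</style>"
          "<div class=cover>hi</div></html>")
MAX_WIDTH_PX = 1024  # assumed policy threshold, not a value from the post

class StyleCollector(HTMLParser):
    """Collects the text of every <style> element in a message body."""
    def __init__(self):
        super().__init__()
        self.in_style, self.css = False, []

    def handle_starttag(self, tag, attrs):
        self.in_style = tag == "style"

    def handle_endtag(self, tag):
        self.in_style = False

    def handle_data(self, data):
        if self.in_style:
            self.css.append(data)


def audit_mail_css(html):
    """Return (selector, reason) findings for CSS that can alter the host page."""
    p = StyleCollector()
    p.feed(html)
    p.close()
    findings = []
    for selector, body in re.findall(r"([^{}]+)\{([^{}]*)\}", "".join(p.css)):
        selector = selector.strip()
        decls = {k.strip().lower(): v.strip().lower()
                 for k, _, v in (d.partition(":") for d in body.split(";")) if v}
        # A bare element selector also matches the webmail's own controls.
        if re.fullmatch(r"[a-zA-Z][a-zA-Z0-9]*", selector):
            findings.append((selector, "unscoped element selector"))
        if decls.get("visibility") == "hidden" or decls.get("display") == "none":
            findings.append((selector, "hides elements"))
        m = re.fullmatch(r"(\d+)px", decls.get("width", ""))
        if m and int(m.group(1)) > MAX_WIDTH_PX:
            findings.append((selector, "width exceeds viewport policy"))
    return findings
```

A message with any finding is a candidate for having its `<style>` block dropped or its selectors rewritten so they only match inside the message container.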

