Bugtraq mailing list archives

XSS bug in hotmail login page

From: "Peter Rdam" <hell () weedmail com>
Date: Sun, 6 Oct 2002 14:03:14 -0700

Goodevening people,

I've found a "little (not sure)" xss bug in the Hotmail login page, i just started to learn about xss bugs. I didnt 
tryd to much on this, i even contacted Microsoft. They prolly very busy with counting do, or its a harmless bug.. got 
no idea ;). They didnt reacted, and im pretty curious about what is possible with the bug. And i actually hope that 
someone can tell me about it and maybe Microsoft will do something about it.. so check it out.. the + sign is filterd 
out.. and hey be cool.. dunno whats possible with it.. but keep it to exploiting i would say.. Hope someone can explain 
what is possible with this bug.. im worried about my hotmail addy security (lol) 

http://lc2.law5.hotmail.passport.com/cgi-bin/login?_lang=&id=2&fs=1&cb=";><script>alert(document.cookie)</script>&ct=1033054530&_setlang=


Regards,
Addic
RDMNL
P.S. Sorry for my bad englisch :P 



------------------------------------------------------------
Nigerian Scam !! READ if you've received  a request!!
http://www.secretservice.gov/alert419.shtml


---------------------------------------------------------------------
Express yourself with a super cool email address from BigMailBox.com.
Hundreds of choices. It's free!
http://www.bigmailbox.com
---------------------------------------------------------------------

Current thread:

XSS bug in hotmail login page Peter Rdam (Oct 07)
- <Possible follow-ups>
- RE: XSS bug in hotmail login page Thor Larholm (Oct 07)
  - RE: XSS bug in hotmail login page Russell Harding (Oct 08)
    - Re: XSS bug in hotmail login page Inderjeet S Sodhi (Oct 09)
- RE: XSS bug in hotmail login page Thor Larholm (Oct 08)
- Re: XSS bug in hotmail login page Muhammad Faisal Rauf Danka (Oct 08)
  - Re: XSS bug in hotmail login page Berend-Jan Wever (Oct 08)