Full Disclosure mailing list archives
Hotmail security flaw
From: Alex de Vries <eierkoek () gmail com>
Date: Sat, 4 Jun 2005 10:46:32 -0700
I have found a security hole in hotmail that allows me to view somebody's email inbox and do everything possible as if it were your own e-mail inbox. All that needs to be done is send that user an e-mail message and persuade him to open an internet site (that has been uploaded by the attacker).

This flaw works because of an XSS (Cross Site Scripting) vulnerability in the msn website. This allows the attacker to log the cookie of the victim. It's not a JavaScript injection on the site of hotmail itself, so it's not possible to see if the url is malicious or not.

I have sent Microsoft an e-mail message explaining the exploit and the problems it can cause. I have successfully tested this method multiple times in a legal way. When I was convinced the exploit was fully working I wrote a tutorial about it.

The XSS exploit exists in one of MSN's subdomains, http://ilovemessenger.msn.com/ . To prove its existence you could go to the following url (including the last single quote):

http://ilovemessenger.msn.com/?mkt=nl-nl');alert(document.cookie);escape('

If the exploit is still working you will see a popup containing your current cookie.

The tutorial I have written can be viewed at: http://www.net-force.nl/files/articles/hotmail_xss/

The exploit was discovered, and the tutorial was written, by:
Alex de Vries, known on http://www.net-force.nl as "Eierkoek".
eierkoek () net-force nl

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
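The proof-of-concept URL in the message above closes a quote and a parenthesis, which implies the `mkt` value was reflected inside a single-quoted JavaScript string. The following is an added example, not part of the original post and not MSN's code, that puts that reflection pattern beside an output-encoded version; the template, `setMarket`, the stub page, the `en-us` default and all function names are assumptions made for illustration.

```javascript
// Hypothetical server-side template (assumption: the page does not show MSN's code).
// The query value is concatenated straight into a single-quoted JS string.
function renderVulnerable(mkt) {
  return "setMarket('" + mkt + "');";
}

// Encode for a JavaScript string context: every code unit outside
// [A-Za-z0-9_.-] becomes \uXXXX, so quotes and parentheses stay data.
function jsStringEncode(value) {
  return String(value).replace(/[^A-Za-z0-9_.-]/g, (c) =>
    "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

function renderEncoded(mkt) {
  return "setMarket('" + jsStringEncode(mkt) + "');";
}

// Input validation as a second layer: a market code looks like "nl-nl".
// Anything else falls back to a default (constructed value).
function normalizeMarket(mkt) {
  return /^[a-z]{2}-[a-z]{2}$/i.test(mkt) ? mkt.toLowerCase() : "en-us";
}

// Run a generated script against stub page objects and record what it calls.
// The cookie value is constructed sample data.
function runInStubPage(script) {
  const calls = { setMarket: [], alert: [] };
  const page = new Function("setMarket", "alert", "document", "escape", script);
  page((v) => calls.setMarket.push(v), (v) => calls.alert.push(v),
       { cookie: "session=CONSTRUCTED" }, (s) => s);
  return calls;
}

// The mkt value from the URL quoted in the message.
const PAYLOAD = "nl-nl');alert(document.cookie);escape('";

console.log(renderVulnerable(PAYLOAD));
console.log(runInStubPage(renderVulnerable(PAYLOAD))); // alert receives the cookie
console.log(renderEncoded(PAYLOAD));
console.log(runInStubPage(renderEncoded(PAYLOAD)));    // alert is never called
console.log(normalizeMarket(PAYLOAD));                 // falls back to the default
```

Marking the session cookie `HttpOnly` additionally keeps it out of `document.cookie`, which limits what a reflected script on a sibling subdomain can read.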