Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: Hotmail security hole - injecting JavaScript using <IMG LOWSRC=&quot;javascript:....&quot;>

Re: Hotmail security hole - injecting JavaScript using <IMG LOWSRC=&quot;javascript:....&quot;>

From: Norbert Luckhardt <nl_at_CT.HEISE.DE>
Date: Tue, 4 Jan 2000 10:35:40 +0100

-----BEGIN PGP SIGNED MESSAGE-----

Hello out there,

At 14:34 03.01.00 , Georgi Guninski wrote:
>Georgi Guninski security advisory #1, 2000
>
>Hotmail security hole - injecting JavaScript using <IMG
>LOWSRC="javascript:....">
...
>Workaround: Disable JavaScript

this is a good security hint - but no workaround for hotmail users. hotmail
(perhaps only the MS passport service) needs javascript - without it you
only get the following message:

Sign In Access Error
JavaScript required. The browser that you are using does not support
JavaScript, or you may have
disabled JavaScript.

have secure fun, Shalom dann,
NOrbert

- --
Norbert Luckhardt http://www.heise.de/ct/Redaktion/nl/
Redaktion c't Tel.: +49 511 5352 - 300 Fax: +49 511 5352 - 417
Helstorfer Str. 7 D-30625 Hannover BBS: +49 511 5352 - 301

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2

iQCVAwUBOHGw3DYMsgdcZ8mpAQFlPwQAooduvRAD24bS85Nh57pUzjQI0ODixpt2
JdZN7LedvWn87ZLDggkQ3c9/NAz7VnPRC40RUjjNWeapED0AMwp+VZdJq3doGOPo
LDvmWAQUGX2mWI38rJ196fjlK7mUZoICU/JFDt9gbABF9g/+gk+aXCasmYv+kxqt
rFfIU07E5Jc=
=WAgc
-----END PGP SIGNATURE-----
Received on Jan 04 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]