
Bugtraq mailing list archives

hotmail css/div exploit: new version
From: gregory duchemin <c3rb3r () HOTMAIL COM>
Date: Tue, 30 Jan 2001 15:16:29 -0000


The last exploit was broken with msie 5.50, in fact the background
image didn't appear at all, anyway it was a bad idea to use it.
So I decided to learn a bit more about css and this is a new version
that will work with msie 4/5/5.50, the background color is now fixed as a
blank value (#ffffff) into the div class (thus deleting one useless

The mail folders navigator input form that buggily appeared on the top layer
was fixed too by playing with its properties (select{ visibility:hidden}).

The scrollbar at the bottom was reduced with the help of the class width
parameter. U will have to choose it according to the screen res of the
trojan receiver, if u don't know (u should ;) ), just take a big value.

But this exploit isn't absolutely perfect, we still have this advertising
iframe at the top middle and since we can't use javascript to modify its
properties, I have no more ideas, at least for now.
This iframe tag is really interesting but already filtered by hotmail and
yahoo, maybe in some cross-vulnerable sites list that was diffused here
some weeks ago.

Anyway it would be much more than necessary to recover most of hotmail's 74
million mailbox passwords. It would.

Herewith u will find the exploit, just copy it (ctrl-c/v) in a mail to YOUR
OWN hotmail account.
NOTE: To work properly, the message MUST BEGIN with the html tag (nothing
NOTE2: don't send it to me ;)
and again,

Don't use it for any malicious activity.

Have a nice day

Gregory Duchemin  - Security Consultant -
1001 bd Maisonneuve Ouest - suite 200
H3A 3C8 Montreal - Quebec - CANADA
c3rb3r () hotmail com

Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
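
As an added example, not part of the original post or of any Hotmail code: a small audit a webmail operator could run over an incoming HTML body to flag the two CSS traits the post names, a rule that hides page elements (`select{ visibility:hidden}`) and a class with an opaque background plus an explicit width. The class and function names, the finding labels and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser

RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")           # selector { declarations }
HIDING = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
OPAQUE = re.compile(r"background(?:-color)?\s*:", re.I)
SIZED = re.compile(r"\bwidth\s*:", re.I)

class MailCssAudit(HTMLParser):
    """Collects CSS carried by a message body and flags risky declarations."""
    def __init__(self):
        super().__init__()
        self.css, self.in_style, self.findings = [], False, []

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self.in_style = True
        for name, value in attrs:
            if name == "style" and value:
                self._check(f"<{tag} style>", value)

    def handle_data(self, data):
        if self.in_style:
            self.css.append(data)

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False
            for selector, body in RULE.findall("".join(self.css)):
                self._check(selector.strip(), body)
            self.css = []

    def _check(self, selector, body):
        # A bare element selector (no "." or "#") is not scoped to the message:
        # it also matches the webmail interface's own elements.
        page_wide = re.fullmatch(r"[a-z][a-z0-9]*", selector, re.I) is not None
        if HIDING.search(body):
            self.findings.append(("hides-elements", selector, page_wide))
        if OPAQUE.search(body) and SIZED.search(body):
            self.findings.append(("opaque-sized-block", selector, page_wide))

def audit_mail_html(html):
    parser = MailCssAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample (not the message from the post): inert markup that only
# carries the two CSS traits the post names.
SAMPLE = """<html><style>
select { visibility:hidden }
.box { background-color:#ffffff; width:2000px }
</style><div class="box">hello</div></html>"""
```

A finding whose third field is `True` means the rule would apply to the surrounding webmail page, which is the case for stripping `<style>` blocks from message bodies or rewriting their selectors so they stay inside the message container.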
