Home page logo

bugtraq logo Bugtraq mailing list archives

RE: XSS bug in hotmail login page
From: Thor Larholm <Thor () jubii dk>
Date: Mon, 7 Oct 2002 17:57:24 +0200

From: Peter Rdam [mailto:hell () weedmail com]
They didnt reacted, and im pretty curious about what 
is possible with the bug. And i actually hope that 
someone can tell me about it and maybe Microsoft will 
do something about it..

It's very simple, you can inject arbitrary scripting to be executed by the
user in the context of hotmail. This means that you can e.g. steal his
cookies or, if he's logged in, write emails from his account, delete his
mails and change his password.

Thor Larholm
Jubii A/S - Internet Programmer

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]