SV: Serious Security Hole in Hotmail

From: Jonathan James (jamesat_private)
Date: Tue Aug 25 1998 - 11:14:07 PDT

Next message: Jonathan A. Zdziarski - Systems Administrator: "Re: Serious Security Hole in Hotmail"

Previous message: Aleph One: "Administrivia"
Next in thread: Jonathan James: "SV: Serious Security Hole in Hotmail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello everybody.
I studied Mr. Cervenka's e-mail and then started to experiment.
There is a way to do this to a browser that has Javascripting disabled.
Just put a META REFRESH tag into the htmlfile, the URL should point to the
URL which contains the actual capturing and sending of the password/login.
This is shown in an example below.
<html>
<meta http-equiv="refresh" content="1;
url=the-url-that-is-to-be-pointed-to">
and so on.....

Thankyou for your time.

Regards
Jonathan James

Next message: Jonathan A. Zdziarski - Systems Administrator: "Re: Serious Security Hole in Hotmail"
Previous message: Aleph One: "Administrivia"
Next in thread: Jonathan James: "SV: Serious Security Hole in Hotmail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:13:27 PDT