('binary' encoding is not supported, stored as-is) Goodevening people, I've found a "little (not sure)" xss bug in the Hotmail login page, i just started to learn about xss bugs. I didnt tryd to much on this, i even contacted Microsoft. They prolly very busy with counting do, or its a harmless bug.. got no idea ;). They didnt reacted, and im pretty curious about what is possible with the bug. And i actually hope that someone can tell me about it and maybe Microsoft will do something about it.. so check it out.. the + sign is filterd out.. and hey be cool.. dunno whats possible with it.. but keep it to exploiting i would say.. Hope someone can explain what is possible with this bug.. im worried about my hotmail addy security (lol) http://lc2.law5.hotmail.passport.com/cgi-bin/login?_lang=&id=2&fs=1&cb="><script>alert(document.cookie)</script>&ct=1033054530&_setlang= Regards, Addic RDMNL P.S. Sorry for my bad englisch :P ------------------------------------------------------------ Nigerian Scam !! READ if you've received a request!! http://www.secretservice.gov/alert419.shtml --------------------------------------------------------------------- Express yourself with a super cool email address from BigMailBox.com. Hundreds of choices. It's free! http://www.bigmailbox.com ---------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Oct 07 2002 - 11:29:20 PDT