[11909] in bugtraq
Re: Hotmail security vulnerability - injecting JavaScript
daemon@ATHENA.MIT.EDU (Richard M. Smith)
Wed Sep 15 03:21:53 1999
Message-Id: <001b01beff1d$3c3519c0$0701a8c0@tiac.net>
Date: Tue, 14 Sep 1999 21:54:22 -0400
Reply-To: "Richard M. Smith" <smiths@TIAC.NET>
From: "Richard M. Smith" <smiths@TIAC.NET>
X-To: Metal Hurlant <metal_hurlant@YAHOO.COM>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Hello,
> This is actually more than just another hotmail glitch. Many (all?) web
> services are doing things wrong:
Yes, the problem with JavaScript entities (i.e., &{<expression>};) happens
all over the Web. Here are some places that I have found where it is
possible to inject JavaScript code into Web pages:
1. Most Web Email services
2. Most Web message board software
3. Most guest book software
4. Yahoo profiles (this has now been fixed)
5. Techstocks Web board messages.
6. Some search engine result pages
7. eBay auction postings
8. Netcenter (now fixed)
Basically a JavaScript entity can be added to the end of any URL
for an image or a link. When the page is displayed, the code
in the entity is executed. Pretty much any Web site that allows
user-supplied information can have the problem.
Richard
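
Added example, not part of the original message: a server-side filter for the case described above, where a `&{...};` entity rides on the end of an image or link URL in user-supplied HTML. The function name, the sample markup, and the choice to treat only attribute values (escaping the ampersand to `&amp;` so it is rendered as literal text) are assumptions of this sketch.

```python
import re

# A start tag: element name, then raw attribute text up to the closing '>'.
# Quoted values are matched whole so a '>' inside quotes does not end the tag.
TAG_RE = re.compile(r'<([A-Za-z][A-Za-z0-9]*)((?:[^>"\']|"[^"]*"|\'[^\']*\')*)>')
# One attribute: name = "value" | 'value' | unquoted-value
ATTR_RE = re.compile(r'([^\s=/"\'<>]+)\s*=\s*("[^"]*"|\'[^\']*\'|[^\s>]+)')


def neutralize_js_entities(fragment):
    """Return (cleaned_fragment, findings) for user-supplied HTML.

    findings lists (tag, attribute) pairs whose raw value contained '&{'.
    The scan runs on the raw source, so an already-escaped '&amp;{' is not
    reported again and the function is idempotent.
    """
    findings = []

    def fix_tag(tag_match):
        tag = tag_match.group(1)

        def fix_attr(attr_match):
            value = attr_match.group(2)
            if "&{" not in value:
                return attr_match.group(0)
            findings.append((tag.lower(), attr_match.group(1).lower()))
            # Keep 'name=' untouched, escape only the ampersand in the value.
            prefix_len = attr_match.start(2) - attr_match.start(0)
            prefix = attr_match.group(0)[:prefix_len]
            return prefix + value.replace("&{", "&amp;{")

        return "<" + tag + ATTR_RE.sub(fix_attr, tag_match.group(2)) + ">"

    return TAG_RE.sub(fix_tag, fragment), findings


# Constructed sample of a submitted message body (not taken from any real site).
SAMPLE = (
    '<p>Nice photo &{not an attribute};</p>'
    '<img src="http://example.com/a.gif&{expr};">'
    "<a href='http://example.com/?q=1&amp;r=2'>ok</a>"
    '<A HREF=http://example.com/page&{expr};>link</A>'
)

if __name__ == "__main__":
    cleaned, hits = neutralize_js_entities(SAMPLE)
    for tag, attr in hits:
        print(f"JavaScript entity in <{tag} {attr}=...>")
    print(cleaned)
```

Logging the findings rather than silently rewriting them gives a site operator a record of which accounts are submitting such markup.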