[11969] in bugtraq
SV: Yet another major Hotmail security hole - injecting
daemon@ATHENA.MIT.EDU (Jonathan James)
Thu Sep 23 16:32:41 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <005101bf052d$a2735d80$0100a8c0@dell>
Date: Wed, 22 Sep 1999 21:06:51 +0200
Reply-To: Jonathan James <Jonathan@WIN32SOFTWARE.COM>
From: Jonathan James <Jonathan@WIN32SOFTWARE.COM>
X-To: Georgi Guninski <joro@NAT.BG>, bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit
I tested your script on my own Hotmail account, but the execution of the Javascript failed.
I'm using Netscape Communicator 4.05.
I also tested the same script using Internet Explorer 4.0 build 4.72.3110.4 SP1, it didn't execute in IE.
Maybe Microsoft has already fixed the security hole.
Regards
Jonathan James
----------------------------------------------
"Do not fear to be eccentric in opinion,
for every opinion now accepted was once eccentric."
-- Bertrand Russell
----------------------------------------------
Jonathan James
ICQ: 34886860
http://www.win32software.com
----------------------------------------------
