|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT Message-Id: <200001050258.PAA26274@fep3-orange.clear.net.nz> Date: Wed, 5 Jan 2000 15:58:33 +1200 Reply-To: nick@virus-l.demon.co.uk From: Nick FitzGerald <nick@VIRUS-L.DEMON.CO.UK> X-To: BUGTRAQ@SECURITYFOCUS.COM To: BUGTRAQ@SECURITYFOCUS.COM In-Reply-To: <3872022D.88D2BB0E@nat.bg> > Georgi Guninski security advisory #2, 2000 > > Yet another Hotmail security hole - injecting JavaScript in IE using > <IMG DYNRC="javascript:...."> <<snip>> It would be nice to think that while fixing the previous hole (<IMG LOWSRC="javascript:....">), one or two of the MS/Hotmail security staff might have wondered "What other parameters on this and other tags may be similarly exploitable?". Yeah, right... I note that no browser fixes have been notified/posted yet, or is this a Hotmail-only hole (i.e. "expected behaviour" in the browser)? Regards, Nick FitzGerald
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |