[7746] in bugtraq
SV: Serious Security Hole in Hotmail
daemon@ATHENA.MIT.EDU (Jonathan James)
Tue Aug 25 18:18:20 1998
Date: Tue, 25 Aug 1998 20:14:07 +0200
Reply-To: Jonathan James <james@MBOX304.SWIPNET.SE>
From: Jonathan James <james@MBOX304.SWIPNET.SE>
X-To: Tom Cervenka <tomc@SPECIALTY.AB.CA>
To: BUGTRAQ@NETSPACE.ORG
Hello everybody.
I studied Mr. Cervenka's e-mail and then started to experiment.
There is a way to do this to a browser that has Javascripting disabled.
Just put a META REFRESH tag into the htmlfile, the URL should point to the
URL which contains the actual capturing and sending of the password/login.
This is shown in an example below.
<html>
<meta http-equiv="refresh" content="1;
url=the-url-that-is-to-be-pointed-to">
and so on.....
Thankyou for your time.
Regards
Jonathan James
