From: Russell Harding [mailto:[EMAIL PROTECTED]]
Is there another way to exploit this which I am not
seeing? Or does MSN actually have their act together
(in this particular case...)?
-Russell
P.S. Well, I suppose the real question may be this:
Is there a way to concatenate
A lot can happen for sure, but i tried one myself, to redirect the request to some
other webpage.
One can make a fake hotmail page asking for password storing it locally in a text file
and then again redirect to the original hotmail page.
Usint this method one could steal passwords of
:11
Subject: Re: XSS bug in hotmail login page
A lot can happen for sure, but i tried one myself, to redirect the request
to some other webpage.
One can make a fake hotmail page asking for password storing it locally in
a text file and then again redirect to the original hotmail page.
Usint
Hello, comments below:
On Mon, 7 Oct 2002, Thor Larholm wrote:
It's very simple, you can inject arbitrary scripting to be executed by the
user in the context of hotmail. This means that you can e.g. steal his
cookies or, if he's logged in, write emails from his account, delete his
mails and