Bugtraq Archives: Re: Hotmail security hole - injecting JavaScr

Re: Hotmail security hole - injecting JavaScript using <IMG LOWSRC="javascript:....">


Subject: Re: Hotmail security hole - injecting JavaScript using
From: Norbert Luckhardt (nlCT.HEISE.DE)
Date: Tue Jan 04 2000 - 03:35:40 CST



Hello out there,

At 14:34 03.01.00 , Georgi Guninski wrote:
>Georgi Guninski security advisory #1, 2000
>
>Hotmail security hole - injecting JavaScript using <IMG
>LOWSRC="javascript:....">
...
>Workaround: Disable JavaScript

This is a good security hint - but no workaround for Hotmail users. Hotmail
(perhaps only the MS Passport service) needs JavaScript - without it you
only get the following message:

Sign In Access Error
JavaScript required. The browser that you are using does not support
JavaScript, or you may have disabled JavaScript.

have secure fun, Shalom dann,
NOrbert

--
Norbert Luckhardt http://www.heise.de/ct/Redaktion/nl/
Redaktion c't Tel.: +49 511 5352 - 300 Fax: +49 511 5352 - 417
Helstorfer Str. 7 D-30625 Hannover BBS: +49 511 5352 - 301




This archive was generated by hypermail 2b27 : Tue Jan 04 2000 - 13:18:02 CST