|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Peter Rdam (hell_at_weedmail.com)
Date: Sun Oct 06 2002 - 16:03:14 CDT
('binary' encoding is not supported, stored as-is)
Goodevening people,
I've found a "little (not sure)" xss bug in the Hotmail login page, i just started to learn about xss bugs. I didnt tryd to much on this, i even contacted Microsoft. They prolly very busy with counting do, or its a harmless bug.. got no idea ;). They didnt reacted, and im pretty curious about what is possible with the bug. And i actually hope that someone can tell me about it and maybe Microsoft will do something about it.. so check it out.. the + sign is filterd out.. and hey be cool.. dunno whats possible with it.. but keep it to exploiting i would say.. Hope someone can explain what is possible with this bug.. im worried about my hotmail addy security (lol)
http://lc2.law5.hotmail.passport.com/cgi-bin/login?_lang=&id=2&fs=1&cb="><script>alert(document.cookie)</script>&ct=1033054530&_setlang=
Regards,
Addic
RDMNL
P.S. Sorry for my bad englisch :P
------------------------------------------------------------
Nigerian Scam !! READ if you've received a request!!
http://www.secretservice.gov/alert419.shtml
---------------------------------------------------------------------
Express yourself with a super cool email address from BigMailBox.com.
Hundreds of choices. It's free!
http://www.bigmailbox.com
---------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]