
Thread: By Passing Hotmail JavaScript

  1. #1

    By Passing Hotmail JavaScript

    Hey guys, I was searching here and there and I found this:

    By Passing Hotmail JavaScript

    Subject: hotmail javascript bypass
    Date: 20 October 2001 20:01

    You can bypass the hotmail javascript filtering system using the
    <img>..</img> tag.

    Placing an

    The src="javascript:bla" is changed to src="javascript:Filtered()".
    The first image-background: url('javascript:bla') is changed to
    image-background: url(non-'javascript:bla') (so isn't executed).

    But here is the problem: the second image-background:
    url('javascript:alert%28test%29') isn't changed at all.
    (The %28/%29 are used instead of '(' / ')', else it won't work.)

    So this code will be executed.

    Some things you can do with this bug:

    1 redirect people to a fake hotmail-retype-your-password page and catch
    their password.
    2 Catching cookies/urls etc.

    3 You can get the users personal information
    - I used netscape messenger and inserted this html tag:


    Then sending an email, and if the user opens this email a message will
    popup containing his full name, country etc. So you are able to catch
    this info.

    4 .....


    In Every Digital Circuit There Is An Analog Circuit Screaming To Come Out.
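
An added defensive example, not part of the original post or of Hotmail's code: it contrasts a hypothetical first-match-only filter (`naive_filter`, a stand-in that reproduces the outcome described above) with one that canonicalises the style value and allowlists every `url()` scheme. The function names, the allowed scheme set and the assumption that the style value has already been HTML-entity-decoded are all assumptions of this example.

```python
import re
from urllib.parse import unquote

ALLOWED_SCHEMES = {"http", "https", "cid"}   # assumption: what a webmail view permits
URL_FUNC = re.compile(r"url\(\s*(['\"]?)(.*?)\1\s*\)", re.I | re.S)
CSS_ESCAPE = re.compile(r"\\(?:([0-9a-fA-F]{1,6})\s?|(.))", re.S)

# Constructed sample built from the fragments quoted in the post.
SAMPLE = ("image-background: url('javascript:bla'); "
          "image-background: url('javascript:alert%28test%29')")

def naive_filter(style):
    """Hypothetical stand-in for the described behaviour: rewrites the first match only."""
    return re.sub(r"url\('javascript:", "url(non-'javascript:", style, count=1)

def css_unescape(text):
    """Resolve CSS backslash escapes so '\\6a avascript:' is seen as 'javascript:'."""
    def repl(m):
        if m.group(1) is None:
            return m.group(2)
        cp = int(m.group(1), 16)
        return chr(cp) if cp <= 0x10FFFF else "\ufffd"
    return CSS_ESCAPE.sub(repl, text)

def scheme_of(raw):
    """Lower-cased URL scheme after percent-decoding and dropping whitespace/controls."""
    value = re.sub(r"[\x00-\x20]+", "", unquote(raw))
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", value)
    return m.group(1).lower() if m else None

def strict_filter(style):
    """Canonicalise the whole value, then keep a url() only if its scheme is allowlisted."""
    def check(m):
        return m.group(0) if scheme_of(m.group(2)) in ALLOWED_SCHEMES else "none"
    return URL_FUNC.sub(check, css_unescape(style))

if __name__ == "__main__":
    print(naive_filter(SAMPLE))   # second url() survives untouched
    print(strict_filter(SAMPLE))  # both url() values replaced with 'none'
```

The strict version decides on the parsed scheme of every `url()` value rather than on a literal pattern, so neither a second occurrence nor an encoded payload changes the outcome.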

  2. #2
    This is OLD news. It's been in the "malicious" usenet groups for months and I think it was even posted here in the news section, when we used to have one...

  3. #3
    Originally posted by Conf1rm3d_K1ll
    This is OLD news. It's been in the "malicious" usenet groups for months and I think it was even posted here in the news section, when we used to have one...
    Thanx for telling that

    In Every Digital Circuit There Is An Analog Circuit Which Is Screaming To Come Out.
