-
November 9th, 2001, 12:20 PM
#1
By Passing Hotmail JavaScript
Hey guys, I was searching here and there and I found this:
By Passing Hotmail JavaScript
Subject: hotmail javascript bypass
Date: 20 October 2001 20:01
You can bypass the hotmail javascript filtering system using the
<img>..</img> tag.
Placing an http://www.antionline.com/
The src="javascript:bla" is changed to src="javascript:Filtered()".
The first image-background: url('javascript:bla') is changed to
image-background: url(non-'javascript:bla') (so isn't executed).
But here is the problem: the second image-background:
url('javascript:alert%28test%29') isn't changed at all.
(the %28/%29 are used instead of '(' / ')' else it won't work..)
So this code will be executed.
Some things you can do with this bug:
1 redirect people to a fake hotmail-retype-your-password page and catch
their password.
2 Catching cookies/urls etc.
3 You can get the users personal information
Example:
- I used netscape messenger and inserted this html tag:
--
http://www.antionline.com/
--
Then sending an email, and if the user opens this email a message will
popup containing his full name, country etc. So you are able to catch
this info.
4 .....
ObLiviON obliv@gmx.net
----------------------------------------------------------------------------------
In Every Digital Circuit There Is An Analog Circuit Screaming To Come Out.
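Added example, not part of the original post and not Hotmail's actual filter code: a sketch of why a filter that rewrites only the first `url('javascript:...')` in a style value leaves the second one intact, next to a filter that checks every `url()` against an allowlist after decoding it. The function names, the `about:blank` replacement and the single-match regex are assumptions chosen to reproduce the behaviour the post describes; the sample style string is constructed from the fragments quoted in the post.

```javascript
// Constructed sample: a style value with two url() entries, as the post describes.
const SAMPLE_STYLE =
  "image-background: url('javascript:bla'); " +
  "image-background: url('javascript:alert%28test%29')";

// Hypothetical weak filter: the regex has no "g" flag, so only the first
// url('javascript:...') is rewritten and later ones pass through untouched.
function weakFilter(style) {
  return style.replace(/url\(\s*'javascript:/i, "url(non-'javascript:");
}

// Normalise a url() argument before judging it: strip surrounding quotes,
// percent-decode, drop whitespace and control characters, lowercase.
function normaliseTarget(raw) {
  let t = raw.trim().replace(/^['"]|['"]$/g, "");
  try { t = decodeURIComponent(t); } catch (_) { /* keep undecoded form */ }
  return t.replace(/[\s\u0000-\u001f]/g, "").toLowerCase();
}

// Hardened filter: visit every url() and keep only http(s) targets.
// Anything else is replaced rather than edited in place.
const ALLOWED = /^https?:\/\//;
function strictFilter(style) {
  return style.replace(/url\(([^)]*)\)/gi, (match, arg) =>
    ALLOWED.test(normaliseTarget(arg)) ? match : "url(about:blank)");
}

// Count url() entries whose normalised target still starts with javascript:
function countScriptUrls(style) {
  let n = 0;
  for (const m of style.matchAll(/url\(([^)]*)\)/gi)) {
    if (normaliseTarget(m[1]).startsWith("javascript:")) n++;
  }
  return n;
}
```

Running `countScriptUrls` on the output of each filter shows the difference: the single-match rewrite leaves one script URL behind, the allowlist leaves none.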
-
November 9th, 2001, 12:31 PM
#2
This is OLD news. It's been in the "malicious" usenet groups for months and I think it was even posted here in the news section, when we used to have one...
-
November 9th, 2001, 12:48 PM
#3
Originally posted by Conf1rm3d_K1ll
This is OLD news. It's been in the "malicious" usenet groups for months and I think it was even posted here in the news section, when we used to have one...
Thanx for telling that
----------------------------------------------------------------------------------
In Every Digital Circuit There Is An Analog Circuit Which Is Screaming To Come Out.