There is a major security flaw in the Hotmail webmail service that allows JavaScript code to be injected into an email message and executed. This is done using the <STYLE> tag. The vulnerability is present if the user uses Internet Explorer 5.0 or Netscape Communicator 4.x (though the exploit code is different for the two browsers).
Executing JavaScript when the user opens a Hotmail email message allows, for example, displaying a fake login screen where the user enters his password, which can then be stolen immediately.
Hotmail deliberately removes all JavaScript code to prevent such attacks, but obviously there are holes. It is much easier to exploit these vulnerabilities if the user uses Internet Explorer 5.0.
Note: This is not a browser problem; it is a problem in Hotmail's webmail system.
Credit:
This vulnerability has been found by: Georgi Guninski.
The code that can be embedded in an HTML email message is:
IE 5.0:
<P STYLE="left:expression(eval('alert(\'JavaScript is executed\');window.close()'))" >
Netscape Communicator:
<STYLE TYPE="text/javascript">
alert('JavaScript is executed');
a=window.open(document.links[2]);
setTimeout('alert(\'The first message in your Inbox is from: \'+a.document.links[26].text)',20000);
</STYLE>