lug-bg: Re: Otnowo Bulgarin se e predstawil dobre 4estito na MS
- Subject: lug-bg: Re: Otnowo Bulgarin se e predstawil dobre 4estito na MS
- From: firedust@xxxxxxx (Stanislav Lechev)
- Date: Tue, 12 Jun 2001 12:37:08 +0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ako cheteshe bugtraq shteshe da sreshtash imeto mu pone 1-2 pyti sedmichno
:)
On Monday 11 June 2001 02:59, Svetoslav Traikov wrote:
> W4era se roveh iz rootshell org i wijte na kakwo popadnah:)
>
> (Ed: A quick check of other services that allow you to read your own mail
> from any POP3 server found that hotmail isn't the only one with this
> problem. We went to www.thatweb.com and found they have the same problem.
> A test of Yahoo!Mail found that they replace javascript with java-script
> anywhere in an e-mail.)
>
> Hotmail security hole - injecting JavaScript using
> Georgi Guninski <joro@xxxxxx>
>
> Georgi Guninski security advisory #1, 2000
>
> Hotmail security hole - injecting JavaScript using <IMG
> LOWSRC="javascript:....">
>
> Disclaimer:
>
> The opinions expressed in this advisory and program are my own and not of
> any company. The usual standard disclaimer applies, especially the fact
> that
> Georgi Guninski is not liable for any damages caused by direct or indirect
> use of the information or functionality provided by this program. Georgi
> Guninski, bears NO responsibility for content or misuse of this program or
> any derivatives thereof.
>
> Description:
> Hotmail allows executing JavaScript code in email messages using <IMG
> LOWSRC="javascript:....">,
> which may compromise user's Hotmail mailbox.
>
> Details:
>
> There is a major security flaw in Hotmail which allows injecting and
> executing JavaScript code in an email message using the javascript
> protocol.
> This exploit works both on Internet Explorer 5.x (almost sure IE 4.x) and
> Netscape Communicator 4.x. Hotmail filters the "javascript:" protocol for
> security reasons. But the following JavaScript is executed: <IMG
> LOWSRC="javascript:alert('Javascript is executed')"> if the user has
> enabled
> automatically loading of images (most users have).
>
> Executing JavaScript when the user opens Hotmail email message allows for
> example displaying a fake login screen where the user enters his password
> which is then stolen. I don't want to make a scary demonstration, but it
> is
> also possible to read user's messages, to send messages from user's name
> and
> doing other mischief. It is also possible to get the cookie from Hotmail,
> which is dangerous. Hotmail deliberately escapes all JavaScript (it can
> escape) to prevent such attacks, but obviously there are holes. It is much
> easier to exploit this vulnerability if the user uses Internet Explorer
> 5.x
>
> Workaround: Disable JavaScript
>
> The code that must be included in HTML email message is:
> --------------------------------------------------------
> <IMG LOWSRC="javascript:alert('Javascript is executed')">
> --------------------------------------------------------
>
> Regards,
> Georgi Guninski
> http://www.nat.bg/~joro
>
>
>
> ===========================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
- --
- -===============================================================-
- - Regards, AngelFire -
- - Stanislav Lechev <firedust@xxxxxxx> -
- - PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc -
- - Vega Internet Service Provider (tm) -- http://www.vega.bg -
- -===============================================================-
Everyone is a genius.
It's just that some people are too stupid to realize it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7JeLE8RPXBhiMqewRAiGAAJ4ht7x1Tiw2qcVruPvbu15dqHqgOwCaAx+u
6wHB1eyk/Dc47lKhagtVEWk=
=HMCy
-----END PGP SIGNATURE-----
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
|