[NEWS] Hotmail LINK CSS Vulnerability (New Strain)
From: email@example.com
To: firstname.lastname@example.org
Subject: [NEWS] Hotmail LINK CSS Vulnerability (New Strain)
Message-Id: <20010826061009.5D53D138BF@mail.der-keiler.de>
Date: Sun, 26 Aug 2001 08:10:09 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Hotmail LINK CSS Vulnerability (New Strain)
A new Cross Site Scripting (CSS) vulnerability carries with it
potentially serious security implications that go beyond the Microsoft
Hotmail system. This vulnerability, and CSS vulnerabilities in general,
affect many more HTML-aware web applications.
The Cross Site Scripting vulnerability below is believed to be a new
strain of CSS. Web application developers and security engineers are urged
to check and update their current HTML filters in all HTML-aware web
applications. This includes webmail, on-line auctions, message boards,
HTML chats, guest books, etc.
NOTE: Microsoft was advised of this issue Aug 21, 2001 and issued a fix by
Aug 23, 2001. Hotmail is no longer vulnerable to this problem.
This is a simple proof of concept vulnerability that illustrates how the
sending of a crafted HTML email with the enclosed body will auto-execute
** NOTE: Example tested under Netscape 4.77 **
* WebMail Example *
sendmail -t <target>@hotmail.com
From: The Attacker <email@example.com>
Content-Type: text/html; charset=us-ascii
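As an added illustration of the filter update the advisory asks for (this is not code from the advisory, from SecuriTeam or from Hotmail), the following Python sanitizer rebuilds user-supplied HTML from an allowlist, so LINK, STYLE and SCRIPT elements and event-handler attributes are dropped whether or not the filter has seen a particular strain before. The allowed tags and attributes and the sample message are constructed for this example.

```python
from html.parser import HTMLParser
from html import escape

# Allowlist constructed for this example: anything not listed is dropped.
# LINK, STYLE, SCRIPT, OBJECT, IFRAME, ... are absent on purpose, so a new
# strain that abuses any of them never reaches the rendered mail.
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "a", "ul", "ol", "li", "blockquote"}
ALLOWED_ATTRS = {"a": {"href"}}           # no style=, no on*= handlers
SAFE_URL_SCHEMES = ("http:", "https:", "mailto:")
VOID_TAGS = {"br"}


class AllowlistFilter(HTMLParser):
    """Re-emits only allowlisted tags/attributes; everything else is text or gone."""

    def __init__(self):
        # convert_charrefs decodes entities in text and attribute values, so an
        # entity-encoded scheme is checked in its decoded form below.
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # >0 while inside <script>/<style> content

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):   # drop the element and its contents
            self.skip_depth += 1
            return
        if tag not in ALLOWED_TAGS:      # e.g. <link rel=stylesheet ...>
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href" and not (value or "").strip().lower().startswith(SAFE_URL_SCHEMES):
                continue                 # only absolute http/https/mailto links survive
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skip_depth == 0:
            self.out.append(escape(data, quote=False))


def sanitize_html(html: str) -> str:
    f = AllowlistFilter()
    f.feed(html)
    f.close()
    return "".join(f.out)


# Constructed sample mail body: an external style sheet LINK, a script block,
# a handler attribute and one legitimate link.
SAMPLE = ('<p>Hi <b>there</b></p>'
          '<LINK REL="stylesheet" HREF="http://attacker.invalid/x.css">'
          '<script>doSomething()</script>'
          '<a href="javascript:doSomething()" onclick="x()">click</a>'
          '<a href="https://example.com/">ok</a>')
```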
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: firstname.lastname@example.org
In order to subscribe to the mailing list, simply forward this email to: email@example.com
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.