zbeng Posted October 31, 2006 Report Share Posted October 31, 2006 Hotmail XSS Exploit > Security AdvisoryRelease Date:June 27 2006Impact:Cross Site ScriptingWhere:From remoteSoftware:Hotmail at June 27 2006Affected:Hotmail in every language.Description:Hotmail is vulnerable to a Cross Site Scripting attack due to improper handling of variables in the URL. This makes it possible to get the user's cookie and fake it on another pc. Therefore a piece of javascript injection is needed, which sends the user to an cookielogging script. After that you are able to control the users mailbox.The way to exploit an hotmail user is making surethat he/she is logged in and clicks the link to the page with injected code. You can use a dynamic page for logging the cookie and to reference the user to the injected hotmail page. When the cookie is faked, surf to http://my.msn.com/ and from there to the user's mailbox.URL:http://my.msn.com/newmodule.armx?tok=TVJmHF%2bsBJ5RdVvt67SjWQ%3d%3d&page=1&m=%22%3E%2B %3Cscript%20language=%22JavaScript%22%3Ealert(document.cookie)%3C/script%3E%3Cbr%20class=%22noppes&col=&tab=3Detailed description and how-to:http://adriaan.feetback.nl/hotmail_exploit_howto.html Link to comment Share on other sites More sharing options...