SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Hotmail Vendors:   Microsoft
Microsoft MSN Hotmail/Passport Login Page May Permit Cookie Stealing Via Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1005377
SecurityTracker URL:  http://securitytracker.com/id/1005377
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 8 2002
Impact:   Disclosure of authentication information, Execution of arbitrary code via network, Modification of user information, User access via network
Exploit Included:  Yes  

Description:   An input validation vulnerability was reported in Microsoft's Hotmail web-based e-mail service. A remote user can conduct cross-site scripting attacks against Hotmail users to steal their authentication cookies and potentially access their e-mail accounts.

It is reported that the Hotmail login script on 'passport.com' fails to filter user-supplied HTML tags. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the Hotmail site (or, in the example below, 'passport.com') and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies) associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A demonstration exploit URL has been provided:

http://lc2.law5.hotmail.passport.com/cgi-bin/login?_lang=&id=2&fs=1&cb="><script>alert(document.cookie)</script>&ct=1033

The vendor has reportedly been notified.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with Hotmail, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.hotmail.com/ (Links to External Site)
Cause:   Input validation error

Message History:   None.


 Source Message Contents

Subject:  XSS bug in hotmail login page


Goodevening people,

I've found a "little (not sure)" xss bug in the Hotmail login page, i just started to learn about xss bugs. I didnt tryd to much on
 this, i even contacted Microsoft. They prolly very busy with counting do, or its a harmless bug.. got no idea ;). They didnt reacted,
 and im pretty curious about what is possible with the bug. And i actually hope that someone can tell me about it and maybe Microsoft
 will do something about it.. so check it out.. the + sign is filterd out.. and hey be cool.. dunno whats possible with it.. but keep
 it to exploiting i would say.. Hope someone can explain what is possible with this bug.. im worried about my hotmail addy security
 (lol) 

http://lc2.law5.hotmail.passport.com/cgi-bin/login?_lang=&id=2&fs=1&cb="><script>alert(document.cookie)</script>&ct=1033054530&_setlang=


Regards,
Addic
RDMNL
P.S. Sorry for my bad englisch :P 



------------------------------------------------------------
Nigerian Scam !! READ if you've received  a request!!
http://www.secretservice.gov/alert419.shtml


---------------------------------------------------------------------
Express yourself with a super cool email address from BigMailBox.com.
Hundreds of choices. It's free!
http://www.bigmailbox.com
---------------------------------------------------------------------

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC