Release Date:
June 27 2006
Impact:
Cross Site Scripting
Where:
From remote
Software:
Hotmail as of June 27 2006
Affected:
Hotmail in every language.
Description:
Hotmail is vulnerable to a Cross Site Scripting attack due to improper handling of variables in the URL.
This makes it possible to get the user's cookie and fake it on another PC. This requires a piece of injected JavaScript that sends the user to a cookie-logging script. After that you are able to control the user's mailbox.
The way to exploit a Hotmail user is to make sure that he/she is logged in and clicks the link to the page with the injected code. You can use a dynamic page to log the cookie and to send the user to the injected Hotmail page. When the cookie is faked, surf to http://my.msn.com/ and from there to the user's mailbox.
URL:
http://my.msn.com/newmodule.armx?tok=TVJmHF%2bsBJ5RdVvt67SjWQ%3d%3d&page=1&m=%22%3E%2B%3Cscript%20language=%22JavaScript%22%3Ealert(document.cookie)%3C/script%3E%3Cbr%20class=%22noppes&col=&tab=3
Detailed description and how-to:
http://adriaan.feetback.nl/hotmail_exploit_howto.html
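Added example (not part of the original advisory, and not Hotmail's code): decoding the m parameter of the URL above shows that it closes a quoted attribute and opens a script element, and HTML-encoding the value on output keeps it inside the attribute. The server-side template, the helper names and the session cookie name are assumptions made for illustration.

```javascript
// Added example: the template below is constructed, not Hotmail/MSN code.
// URL as given in the advisory, joined onto one line.
const ADVISORY_URL =
  'http://my.msn.com/newmodule.armx?tok=TVJmHF%2bsBJ5RdVvt67SjWQ%3d%3d&page=1&m=' +
  '%22%3E%2B%3Cscript%20language=%22JavaScript%22%3Ealert(document.cookie)' +
  '%3C/script%3E%3Cbr%20class=%22noppes&col=&tab=3';

// Percent-decode one query parameter the way a server framework would.
function getParam(url, name) {
  return new URL(url).searchParams.get(name);
}

// Assumed vulnerable pattern: the raw value is pasted into a quoted attribute.
function renderUnsafe(m) {
  return `<input type="hidden" name="m" value="${m}">`;
}

// Encode the five characters that can end an attribute value or open a tag.
function escapeHtmlAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderSafe(m) {
  return `<input type="hidden" name="m" value="${escapeHtmlAttr(m)}">`;
}

// Crude check for this demo: did markup from the parameter survive as a tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Second layer: HttpOnly keeps the session cookie out of document.cookie.
function sessionCookieHeader(name, value) {
  return `Set-Cookie: ${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly`;
}

const m = getParam(ADVISORY_URL, 'm');
console.log('decoded m :', m);
console.log('unsafe    :', renderUnsafe(m), containsScriptTag(renderUnsafe(m)));
console.log('escaped   :', renderSafe(m), containsScriptTag(renderSafe(m)));
console.log(sessionCookieHeader('session', 'constructed-sample-value'));
```

The leading `">` and the trailing `<br class="noppes` in the decoded value are what suggest a quoted-attribute context: the first closes the attribute and tag, the second absorbs the closing quote the page emits afterwards.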