Date: Tue, 25 Aug 1998 20:14:07 +0200
From: Jonathan James <james@MBOX304.SWIPNET.SE>
To: BUGTRAQ@netspace.org
Subject: SV: Serious Security Hole in Hotmail
Hello everybody.
I studied Mr. Cervenka's e-mail and then started to experiment.
There is a way to do this to a browser that has Javascripting disabled.
Just put a META REFRESH tag into the htmlfile, the URL should point to the
URL which contains the actual capturing and sending of the password/login.
This is shown in an example below.
<html>
<meta http-equiv="refresh" content="1;
url=the-url-that-is-to-be-pointed-to">
and so on.....
Thankyou for your time.
Regards
Jonathan James
