[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

lynx-dev Javascript-denial-of-service at Hotmail

From: Ian Collier
Subject: lynx-dev Javascript-denial-of-service at Hotmail
Date: Fri, 3 Oct 2003 16:29:15 +0100

As you no doubt know, logging in to Hotmail using Lynx used to be
possible but suddenly became impossible a few months back because
it simply redirects you to a "JavaScript required" link.  Yeah I
know, reasonable people don't have Hotmail accounts... on the other
hand, it's OK for a throwaway address that I don't really use.

Well, if you visit the login page in another browser and peek at the
source then it transpires that you can bypass this by sending a form
with the correct details filled in.

Here's a sample of this form:

<form TARGET="_top" name="hotmail_com" 
Login: <input type="text" name="login" value="">
<input type="hidden" Name="domain" Value="">
Password: <input type="password" name="passwd">
<input type="checkbox" name="sec" value="1">Sign me in automatically<br>
<input type="hidden" name="mspp_shared">
<input type="hidden" name="padding">
<input type=submit>
<a href="";></a>

Optionally fill in your hotmail account name in the login box in the HTML
source.  Save this as a file and visit it in Lynx.

First visit the link to set some initial cookies.  Then
press the back-arrow to return to the form and submit your login details.

Later (if you didn't quit Lynx or if you did have persistent cookies
turned on and checked the checkbox in the form) when you return to
the form you can just visit the link to return to your


; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]