VULHUB ™

-Web Application Security Survey- Results show that Microsoft Hotmail, Excite, Altavista, E-Bay, Lycos, Netscape WebMail, E-Trade, Infoseek/Go.com and their users are all currently vulnerable to web based attack. The following report is the result of a two hour security survey of high profile webmail and auction services offered free over the internet. This survey is in no way extensive or thorough. It serves only as "proof of concept" that these types of services are vulnerable to attack on a wide scale. All the following vulnerabilities are currently active as of Aug. 25, 2000. The following webmail vulnerabilities all stem from the same problem. The attacker has the ability to pass unfiltered malicious HTML/JavaScript into the target users web environment.

-Web Application Security Survey- Results show that Microsoft Hotmail, Excite, Altavista, E-Bay, Lycos, Netscape WebMail, E-Trade, Infoseek/Go.com and their users are all currently vulnerable to web based attack. The following report is the result of a two hour security survey of high profile webmail and auction services offered free over the internet. This survey is in no way extensive or thorough. It serves only as "proof of concept" that these types of services are vulnerable to attack on a wide scale. All the following vulnerabilities are currently active as of Aug. 25, 2000. The following webmail vulnerabilities all stem from the same problem. The attacker has the ability to pass unfiltered malicious HTML/JavaScript into the target users web environment.