
lynx-dev Javascript-denial-of-service at Hotmail


From: Ian Collier
Subject: lynx-dev Javascript-denial-of-service at Hotmail
Date: Fri, 3 Oct 2003 16:29:15 +0100

As you no doubt know, logging in to Hotmail using Lynx used to be
possible but suddenly became impossible a few months back because
it simply redirects you to a "JavaScript required" link.  Yeah I
know, reasonable people don't have Hotmail accounts... on the other
hand, it's OK for a throwaway address that I don't really use.

Well, if you visit the login page in another browser and peek at the
source then it transpires that you can bypass this by sending a form
with the correct details filled in.

Here's a sample of this form:

<html>
<form TARGET="_top" name="hotmail_com" 
action="https://loginnet.passport.com/ppsecure/post.srf?lc=1033&id=2&ru=http://www.hotmail.msn.com/cgi-bin/sbox&tw=20&fs=1&cbid=24325&da=passport.com&kpp=2&svc=mail&msppjph=1"
 METHOD="post">
Login: <input type="text" name="login" value="">@hotmail.com
<input type="hidden" Name="domain" Value="hotmail.com">
Password: <input type="password" name="passwd">
<input type="checkbox" name="sec" value="1">Sign me in automatically<br>
<input type="hidden" name="mspp_shared">
<input type="hidden" name="padding">
<input type=submit>
<p>
<a href="http://hotmail.msn.com/cgi-bin/HoTMaiL">Hotmail.com</a>
</form>
</html>

Instructions:
Optionally fill in your Hotmail account name in the login box in the HTML
source.  Save this as a file and visit it in Lynx.

First visit the Hotmail.com link to set some initial cookies.  Then
press the back-arrow to return to the form and submit your login details.

Later (if you didn't quit Lynx or if you did have persistent cookies
turned on and checked the checkbox in the form) when you return to
the form you can just visit the Hotmail.com link to return to your
mailbox.

imc
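
What a script-less browser such as Lynx sends when the form above is submitted, as an added example that is not part of the original post: it parses the form and builds the POST body from the controls HTML counts as submitted. The login and password values, and the names FormFields and submission, are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode

# Constructed sample: the form from the post with placeholder credentials filled in.
SAMPLE = '''<form TARGET="_top" name="hotmail_com" METHOD="post"
action="https://loginnet.passport.com/ppsecure/post.srf?lc=1033&id=2&ru=http://www.hotmail.msn.com/cgi-bin/sbox&tw=20&fs=1&cbid=24325&da=passport.com&kpp=2&svc=mail&msppjph=1">
<input type="text" name="login" value="example-user">
<input type="hidden" Name="domain" Value="hotmail.com">
<input type="password" name="passwd" value="example-password">
<input type="checkbox" name="sec" value="1">
<input type="hidden" name="mspp_shared">
<input type="hidden" name="padding">
<input type=submit>
</form>'''

class FormFields(HTMLParser):
    """Collect the form target and the controls submitted without any script."""
    def __init__(self):
        super().__init__()
        self.method, self.action = "get", None
        self.pairs, self.empty_hidden = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lowercases tag and attribute names
        if tag == "form":
            self.action = a.get("action")
            self.method = (a.get("method") or "get").lower()
        elif tag == "input" and a.get("name"):  # the nameless submit is skipped
            kind = (a.get("type") or "text").lower()
            # An unchecked checkbox or radio button is not sent at all.
            if kind in ("checkbox", "radio") and "checked" not in a:
                return
            value = a.get("value") or ""
            if kind == "hidden" and not value:
                # Hidden fields with no static value go out as empty strings.
                self.empty_hidden.append(a["name"])
            self.pairs.append((a["name"], value))

def submission(html_source):
    """Return (method, action, urlencoded body, empty hidden field names)."""
    p = FormFields()
    p.feed(html_source)
    return p.method, p.action, urlencode(p.pairs), p.empty_hidden

if __name__ == "__main__":
    method, action, body, empty = submission(SAMPLE)
    print(method.upper(), action)
    print(body)
    print("hidden fields sent empty:", empty)
```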
