(hhp) Millenniumoffice Advisory. (hhp)
hhp-ADV#11
By: fake fake@hhp.perlx.com - http://hhp.perlx.com/
12/9/99 10:35:32pm CST
------------------------------------------------------

Problem:
  Millenniumoffice (or MO) lets you pass HTML code with no questions asked.

Exploit:
  If you go to their main site, millenniumoffice.com, you can sign up for a
  free web-based e-mail account. The account gives you a Web Page, a message
  box, and some other fun things.

  EX:
    Visit Fake's Personal Web Page
    Leave a Message for fake
    Request an Appointment with fake
    View fake's Calendar
    fake, You can login with your password ___________ Login

  The first use of this HTML bug lets you crash the other person's
  Appointment box. When they go and check their Appointments, it will give
  them some HTML error and they can't do anything about it. They can't remove
  the message or view any of the other messages (so they're pretty much
  screwed). All you have to do to exploit this is click on Leave a Message,
  then put a name, and then put: