There are a couple of other links to the exploit, which I tried and succeeded at; the page was just an interface, I think. Drop me a line for more information. For obvious reasons I'm not going to post the exploit proper onto a mailing list which gets popped into a public archive.
For context. Hotmail was bought by MS last year, for an astounding amount of cash; it's a web-based mail service served by apache running on BSD (Berkeley Systems Distribution, a unix-like OS, I'm not sure what variant) machines, and I believe that the databases proper are running on Sun hardware.
Microsoft previously attempted to convert Hotmail to IIS running on Windows NT, but those machines were unable to take hotmail's load and the partial conversion was reversed at great cost.
Microsoft has also made some considerable modifications to hotmail's functionality recently, and the present exploit is said to be rooted in one of those additions.
Marco
,--------------------------------------------------------------------------.
> Marco Anglesio | Alcohol, hashish, prussic acid, <
> mpa at the-wire.com | strychnine are weak dilutions. <
> http://www.the-wire.com/~mpa | The surest poison is time. <
> | --Ralph Waldo Emerson <
`--------------------------------------------------------------------------'