To show a practical exploit of the XSS on Hotmail webmail server, let's do something dirty..., let's force the target user to do something that he would never had allowed: downloading a virus (from Hotmail, of course):-)