Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Form insecurity in Netscape

From: avery () AURAGEN COM (Andy Avery)
Date: Wed, 4 Nov 1998 15:54:02 -0500

On Tue, 3 Nov 1998, kelani wrote:


Date: Tue, 3 Nov 1998 22:25:35 -0500
From: kelani <kelani () KELANI COM>
To: BUGTRAQ () netspace org
Subject: Form insecurity in Netscape

*resubmitted with the offending paragraph removed, thanks for your
patience, O phearable one.*

Greetings all,

Apologies if it has already been known or was discussed earlier. I see no
mention in the archive, and it's such an obvious thing...

In the Netscape Navigator 3.x and Communicator 4.x installations at my
school, where all users share a common login, Navigator seems to write a
'nsformXX.tmp' file when a user fills out a form on a webpage. This file
contains the fields the user filled in as plaintext, and looks like this:



 Just poking around and checking things here, I found that there are two
conditions that *must* be met for this to happen:

#1) The form that is submitted must be a MIME-Encoded form
(enctype="multipart/form-data" in the <form> tag) as opposed to the
default of a URL-Encoded form.  (if there's no "enctype" element in a
<form> tag, it defaults to URL-Encoded)

#2) the environmental variable TEMP *must* be set.  This was not the case
for my setup until I added it in my autoexec.bat and rebooted.

  I tested this using Communicator v4.04 on Win95.  When I attempted this
with a URL-Encoded form, it didn't work.  I tested it using a MIME-Encoded
form and it still didn't work.  So I set TEMP in autoexec and rebooted.
Tried it on a URL-Encoded form, and it didn't work.  Tried it on the
MIME-Encoded form, and a file called nstempCG.tmp showed up in the path
that I set TEMP to.  Both forms were of my creation on my server here, and
I just wrote dummy perl scripts to receive the call from the web server.

  Hope this helps anyone......

_____________________________________________________________
Andy Avery                      Systems/Network Administrator
Auragen Communications, Inc.
620 Park Ave, Ste. 177          v: 716.242.8759
Rochester, NY 14607             f: 716.242.0417
Previous By Date Next
Previous By Thread Next

Current thread: