Bugtraq mailing list archives
Re: The Dangers of Allowing Users to Post Images
From: Michal Szokolo <msz () kill-spammers pmp com pl>
Date: Sun, 24 Jun 2001 03:02:33 +0100
John Percival wrote:
I'm going to try and throw another issue into this discussion now too: denial of service. We have discussed it for attacking remote servers, but not for the client viewing the image. It's something else that I spotted while I was playing around with this issue just now. If you have images that include a mailto:me () my host somewhere com source, then the default handler for mailto: links is opened up. Be that Outlook, Netscape Composer, Eudora, or whatever else you care to use. So if someone embedded 100 (arbitrary figure) mailto: images in a page, then this would do a lot of harm to the user's computer. At best, it would get very busy for a few minutes creating new emails, and would be a pain to clear up. At worst, it could bring the whole system crashing down.
Netscape 4.77 crashes at about 50 such IMG tags, IF they are different (simply putting mailto:fakeluser@fakedomain 100 times won't work (opens only 2 message windows)), but if you go with some script... instant crash (try it now free of charge at http://msz.pmp.com.pl/boom/ ;-)).

-- 
I'm an ugly boy            | Do not visit http://msz.pmp.com.pl/
My face makes you hurl     | ADS:
I'm a relation             | For snobs: http://www.filharmonia.pl/
To Frankenstein's creation | Have a drink for me: http://www.fws.pl/
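One server-side mitigation for the mailto: image problem discussed in this message, as an added example that is not part of the original post: audit user-submitted HTML and reject any IMG whose URL is not an absolute http/https address. The function names, the allowlist, the choice to reject relative URLs, and the sample post are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}      # assumption: only web-hosted images are permitted
URL_ATTRS = {"src", "lowsrc", "dynsrc"}  # IMG attributes that make the browser load a URL

def normalise(url):
    """Drop spaces and control characters, which browsers tolerate around or inside a scheme."""
    return "".join(ch for ch in url if ch > " " and ch != "\x7f")

def is_allowed_image_url(url):
    """True only for absolute http(s) URLs with a host; mailto: and all other schemes fail."""
    try:
        parts = urlsplit(normalise(url))
    except ValueError:
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)

class ImgAudit(HTMLParser):
    """Collects (attribute, value) pairs on IMG tags that fail the allowlist."""
    def __init__(self):
        super().__init__()
        self.rejected = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag/attribute names and decodes entities such as &#58;
        if tag != "img":
            return
        for name, value in attrs:
            if name in URL_ATTRS and not is_allowed_image_url(value or ""):
                self.rejected.append((name, value))

def audit_post(html):
    parser = ImgAudit()
    parser.feed(html)
    parser.close()
    return parser.rejected

# Constructed sample post: one acceptable image, three mailto: variants, one relative path.
SAMPLE_POST = (
    '<p>nice thread</p>'
    '<img src="http://images.example/cat.png">'
    '<IMG SRC="mailto:user1@example.invalid">'
    '<img src=" MailTo&#58;user2@example.invalid">'
    '<img src="ma\tilto:user3@example.invalid">'
    '<img src="/avatars/7.png">'  # rejected here; resolve against the site base first if needed
)

if __name__ == "__main__":
    for attr, value in audit_post(SAMPLE_POST):
        print(f"rejected {attr}={value!r}")
```

A post with a non-empty result from `audit_post` would be refused or have the offending tags stripped before it is stored.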