Bugtraq mailing list archives
Re: mailto links
From: "C. Cooke" <ccooke () cus org uk>
Date: Tue, 11 Sep 2001 23:38:31 +0100 (BST)
On Tue, 11 Sep 2001, [Segmen] wrote:
Apologies in advance if this is a known issue. I discovered this a few days ago, a friend advised me to submit it to BugTraq. As I'm sure you all know, mailto links do not have to hold just an address, they can also pass parameters for use as the email Subject and Body. These parameters takes format "mailto:username () host com?Subject=SubjectGoesHere&Body=BodyGoesHere" . We can also Hex-Encode characters so we can use "mailto:username () host com?Subject=Subject%20Goes%20Here&Body=Body%20Goes%20H ere" . But we can fit quite a lot of data into the Body field, which means we can Hex-encode some uuencoded data into there. [ Apologies if the link wraps ] I have been experimenting with Internet Explorer 6, and Outlook Express 6 and have been able to pass some uuencoded files with the mailto.
Hmm. And there's the img tag bug that Microsoft declined to fix... Considering that you can force the browser to automatically talk to your mail client and make it start a new email address with <img src=mailto:user@host>, what extra trickery could be done with this? Can you make it send the mail? If so, you could cause a huge DoS simply by making a couple of IE users view a simple web page. -- Charles Cooke, Sysadmin Say it with flowers, send a triffid.
Current thread:
- mailto links [Segmen] (Sep 11)
- Re: mailto links C. Cooke (Sep 11)
- Message not available
- Re: mailto links [Segmen] (Sep 12)
- <Possible follow-ups>
- RE: mailto links Craig Humphrey (Sep 11)
- Message not available
- Re: mailto links Martin Stricker (Sep 12)
- Re: mailto links Scott Buchanan (Sep 13)
- Message not available