Bugtraq mailing list archives

Re: mailto links


From: "C. Cooke" <ccooke () cus org uk>
Date: Tue, 11 Sep 2001 23:38:31 +0100 (BST)

On Tue, 11 Sep 2001, [Segmen] wrote:

Apologies in advance if this is a known issue.

I discovered this a few days ago, a friend advised me to submit it to
BugTraq.

As I'm sure you all know, mailto links do not have to hold just an address;
they can also pass parameters for use as the email Subject and Body. These
parameters take the format
"mailto:username@host.com?Subject=SubjectGoesHere&Body=BodyGoesHere". We
can also Hex-Encode characters so we can use
"mailto:username@host.com?Subject=Subject%20Goes%20Here&Body=Body%20Goes%20Here".
But we can fit quite a lot of data into the Body field, which means
we can Hex-encode some uuencoded data into there. [ Apologies if the link
wraps ]
I have been experimenting with Internet Explorer 6, and Outlook Express 6
and have been able to pass some uuencoded files with the mailto.

Hmm. And there's the img tag bug that Microsoft declined to fix...
Considering that you can force the browser to automatically talk to your
mail client and make it start a new email address with
<img src=mailto:user@host>, what extra trickery could be done with this?
Can you make it send the mail? If so, you could cause a huge DoS simply by
making a couple of IE users view a simple web page.

-- 
Charles Cooke, Sysadmin
Say it with flowers, send a triffid.
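
Added example, not part of either message above: a small Python check a mail gateway or web filter could run over HTML to flag the two behaviours discussed in this thread, a mailto link whose Body parameter carries a large or uuencoded payload, and a mailto URI placed in an attribute the browser loads without a click. The 256-character threshold, the tag set and the finding names are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

UU_BEGIN = re.compile(r"^begin [0-7]{3,4} \S+", re.MULTILINE)  # uuencode header line
MAX_BODY = 256                                  # assumed limit for a prefilled body
AUTOLOAD = {"img", "iframe", "frame", "embed"}  # tags whose src is fetched unprompted

def inspect_mailto(uri):
    """Return a list of findings for one mailto: URI (empty if nothing notable)."""
    parts = urlsplit(uri)
    if parts.scheme != "mailto":
        return []
    # Parameter names are matched case-insensitively; parse_qsl undoes %XX encoding.
    fields = {k.lower(): v for k, v in parse_qsl(parts.query, keep_blank_values=True)}
    body = fields.get("body", "")
    findings = []
    if len(body) > MAX_BODY:
        findings.append("large-body")
    if UU_BEGIN.search(body):
        findings.append("uuencoded-body")
    return findings

class MailtoScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.results = []  # (tag, attribute, findings) for every mailto: value seen

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value or not value.strip().lower().startswith("mailto:"):
                continue
            findings = inspect_mailto(value.strip())
            if tag in AUTOLOAD and name == "src":
                findings.append("auto-loaded-mailto")
            self.results.append((tag, name, findings))

def scan(html):
    scanner = MailtoScanner()
    scanner.feed(html)
    return scanner.results

# Constructed sample input: a benign link, a uuencoded body, and the img case.
SAMPLE = (
    '<a href="mailto:username@host.com?Subject=Hi&amp;Body=Hello%20there">ok</a>'
    '<a href="mailto:username@host.com?Body=begin%20644%20file.txt%0AMore">x</a>'
    '<img src="mailto:user@host">'
)
if __name__ == "__main__":
    print(scan(SAMPLE))
```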


