Vulnerability Development mailing list archives
Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP)
From: nicolas.justin () FREE FR (Nicolas Justin)
Date: Fri, 10 Mar 2000 23:41:42 +0100
Mikael Olsson wrote :
Speaking of software doing anwanted automatic processing, I just saw one member of this list do something I didn't think was possible. See this vcard attachment: Content-Type: text/x-vcard; charset=iso-8859-2; name="simont.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Simon Tamás Content-Disposition: attachment; filename="simont.vcf" begin:vcard n:Simon;Tamás tel;cell:3630305510 x-mozilla-html:TRUE url:www.westel900.hu org:<IMG SRC="http://users.westel900.net/amk/images/wlogo.gif";>;Special Project adr:;;Kaposvár str. 5-7;Budapest;;1117;Hungary version:2.1 email;internet:simont () westel900 hu title:www sw engineer x-mozilla-cpt:;-1 fn:Simon Tamás end:vcard Look at the IMG SRC tag. Why is my nutscrape parsing the vcard contents as HTML? Is this intended behaviour? I had the idea a while back to implement a mail filter that kills anything looking like HTML (ie stripping all tags from text/html mime sections), but this example shows me the futility of that effort. Ack. -- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46 (0)660 105 50 Fax: +46 (0)660 122 50 Mobile: +46 (0)70 66 77 636 WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se
![http://users.westel900.net/amk/images/wlogo.gif"](http://users.westel900.net/amk/images/wlogo.gif"){kind=link}
Add this lines to your procmailrc :0 * ^Content-Type.*text/html* | (formail -r ; echo "You have sent a mail in HTML format, please resend it in plain text format") | /usr/sbin/sendmail -oi -t :0 * ^Content-Type.*multipart/alternative* | (formail -r ; echo "You have sent a mail in HTML format, please resend it in plain text format") | /usr/sbin/sendmail -oi -t So, if you receive a mail in HTML format, it will be trashed and a mail will be sent to the sender. -- ____________________________________________ Nicolas Justin - nicolas.justin () free fr http://surf.to/linux-fr
Current thread:
- Re: spoofing the ethernet address, (continued)
- Re: spoofing the ethernet address Pauli Ojanpera (Mar 02)
- Re: spoofing the ethernet address Seth R Arnold (Mar 05)
- Re: spoofing the ethernet address H D Moore (Mar 05)
- Re: spoofing the ethernet address Ex Machina [xm] (Mar 06)
- Re: spoofing the ethernet address Buhrmaster, Gary (Mar 06)
- Re: spoofing the ethernet address Pauli Ojanpera (Mar 06)
- Re: spoofing the ethernet address Ex Machina [xm] (Mar 07)
- Re: spoofing the ethernet address Dimitrios Petropoulos x9234 Singer / 4 (Mar 08)
- [Q] CORBA, IIOP Simon Tamás (Mar 08)
- Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Mikael Olsson (Mar 09)
- Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Nicolas Justin (Mar 10)
- Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Liviu Daia (Mar 10)
- MS Frontpage shtml.dll Path Leak Vulnerability Greg (Mar 12)
- NT 4.0 (Workstation) Logon Authentication Vulnerability jhw1970 () HOTMAIL COM (Mar 14)
- Re: NT 4.0 (Workstation) Logon Authentication Vulnerability Phil Cox (Mar 14)
- Re: NT 4.0 (Workstation) Logon Authentication Vulnerability Maxime Rousseau (Mar 15)
- Re: spoofing the ethernet address Ex Machina [xm] (Mar 07)
- Re: MS Frontpage shtml.dll Path Leak Vulnerability Marc (Mar 14)
- Re: spoofing the ethernet address Pauli Ojanpera (Mar 02)
- Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Simon Tamás (Mar 13)
- (another) MS Outlook hole in embedded metafiles? Michael Wojcik (Mar 08)
- Re: spoofing the ethernet address Pavel Kankovsky (Mar 09)
- Extending the FTP "ALG" vulnerability to any FTP client Mikael Olsson (Mar 10)