Bugtraq mailing list archives

HTML Form Protocol Attack

From: Jochen Topf <jochen () remote org>
Date: Wed, 15 Aug 2001 09:20:19 +0200

Some HTML browsers can be tricked through the use of HTML forms into sending
more or less arbitrary data to any TCP port. This can be used to send
commands to servers using ASCII based protocols like SMTP, NNTP, POP3, IMAP,
IRC, and probably others. By sending HTML email to unsuspecting users or
using a trojan HTML page, an attacker might be able to send mail or post
Usenet News through servers normally not accessible to him. In special cases
an attacker might be able to do other harm, e.g. deleting mail from a POP3
mailbox.

In most situations this attack would not be considered a big problem, but
it is an interesting example on how the combination of several innocuous
and seemingly totally unrelated protocol features can be used to mount
an attack.

A paper describing this "HTML Form Protocol Attack" is available at

  http://www.remote.org/jochen/sec/hfpa/index.html

The Postscript version is attached to this mail.

Jochen

Attachment: hfpa.ps.gz
Description:

Current thread:

HTML Form Protocol Attack Jochen Topf (Aug 15)
- Re: HTML Form Protocol Attack Barnaby Gray (Aug 15)
  - Re: HTML Form Protocol Attack Jesse Ruderman (Aug 15)
  - Re: HTML Form Protocol Attack Sevo Stille (Aug 15)
    - Re: HTML Form Protocol Attack Barnaby Gray (Aug 15)
    - Re: HTML Form Protocol Attack Jim Paris (Aug 15)
    - Re: HTML Form Protocol Attack Barnaby Gray (Aug 16)
    - Re: HTML Form Protocol Attack Mark van Walraven (Aug 16)
    - Re: HTML Form Protocol Attack Gustavo Molina (Aug 15)
  - Re: HTML Form Protocol Attack Bruno Treguier (Aug 16)
    - RE: HTML Form Protocol Attack Bennett Samowich (Aug 16)

(Thread continues...)