Bugtraq mailing list archives
Re: HTML Form Protocol Attack
From: Jesse Ruderman <jesse () netscape com>
Date: Wed, 15 Aug 2001 16:36:37 -0700
Nice find. Dougt just filed this as http://bugzilla.mozilla.org/show_bug.cgi?id=95488 (and has already attached a patch), so all you bugtraq readers don't have to file duplicate reports like you did last time :)

Jesse

Barnaby Gray wrote:

> I tried this out on mozilla, lynx and netscape (all linux) and got the following results:
>
> mozilla 0.9.1
> Pops up message: "Access to the port number given has been disabled for security reasons." When I tried to get it to connect to ftp (port 21) - however if you add 65536 to this value, so try submitting the form to 65557 it doesn't complain and will connect to port 21, but gets stuck halfway through the transmission, without submitting the evil data. Maybe there is a way round that though.
>
> lynx will connect fine without complaint.
>
> netscape communicator (4.77) - couldn't get it to connect even with the trick of wrapping the port number round.
>
> Barnaby
>
> On Wed, Aug 15, 2001 at 09:20:19AM +0200, Jochen Topf wrote:
>
> > Some HTML browsers can be tricked through the use of HTML forms into sending more or less arbitrary data to any TCP port...
> >
> > Jochen
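The port wrap-around described in the quoted message (65557 reaching port 21), as an added example that is not part of the original thread and is not Mozilla's code. It assumes the blocklist is compared against the raw number while the connection uses only the low 16 bits, and sets that beside a strict range check; the blocklist entries and function names are constructed for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample blocklist, not any browser's real list. */
static const uint16_t blocked_ports[] = { 21, 25, 110 };

static bool is_blocked(long port)
{
    for (size_t i = 0; i < sizeof blocked_ports / sizeof blocked_ports[0]; i++)
        if (port == blocked_ports[i])
            return true;
    return false;
}

/* Assumed weak model: the blocklist sees the raw number, but the socket
 * layer keeps only the low 16 bits. Returns the port actually used, or -1. */
static int weak_check(long port)
{
    if (is_blocked(port))
        return -1;
    return (int)(uint16_t)port; /* 65557 becomes 21 */
}

/* Hardened: parse strictly, reject anything outside 1..65535, then consult
 * the blocklist, so the value checked is the value connected to. */
static int strict_check(const char *text)
{
    char *end;
    errno = 0;
    long port = strtol(text, &end, 10);
    if (errno != 0 || end == text || *end != '\0')
        return -1;
    if (port < 1 || port > 65535 || is_blocked(port))
        return -1;
    return (int)port;
}

int main(void)
{
    printf("weak 21 -> %d, weak 65557 -> %d\n", weak_check(21), weak_check(65557));
    printf("strict 21 -> %d, strict 65557 -> %d, strict 8080 -> %d\n",
           strict_check("21"), strict_check("65557"), strict_check("8080"));
    return 0;
}
```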