Vulnerability Development mailing list archives
Attacking internal FTP servers via browsers
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Sat, 11 Mar 2000 18:24:55 +0100
Something just struck me regarding the capabilities of browsers, URLs, ascii escaping and FTP.

Since we know this to work:

<img src="ftp://someserver/aaaaaaaaaaa%0d%0amore_commands">

- would it not be safe to assume that pretty much ANY ascii code can be fed to the browser, which in turn would happily translate it to their raw ascii equivalents before doing the actual FTP "RETR" command?

Now, what if we know that there is an internal FTP server somewhere, and we know that there is a hole in it (buffer overrun, for instance), wouldn't it be _REALLY_EASY_ to attack it through some unknowing user reading his/her mail?

Just a thought :-)

/Mike

ps. I hate browsers. :-P

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50
Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se
E-mail: mikael.olsson () enternet se
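
On the receiving side, the URL pattern in the message above can be checked for before HTML mail is rendered. The following is an added example, not part of the original post: it flags ftp: URLs in tag attributes whose percent-decoded form contains control bytes such as CR/LF, and goes slightly beyond the post by also unwrapping nested encodings. The attribute list, the decoding depth and the sample HTML (apart from its first URL) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

URL_ATTRS = {"src", "href", "background", "action", "data"}  # assumed attribute list
MAX_DECODE_ROUNDS = 3  # assumption: also unwrap nested encodings such as %250d

def control_bytes(url):
    """Return sorted control bytes (< 0x20 or 0x7f) present in url, raw or percent-encoded."""
    data = url.encode("utf-8", "replace")
    found = set()
    for _ in range(MAX_DECODE_ROUNDS + 1):
        found.update(b for b in data if b < 0x20 or b == 0x7F)
        decoded = unquote_to_bytes(data)
        if decoded == data:  # nothing left to decode
            break
        data = decoded
    return sorted(found)

class FtpUrlAuditor(HTMLParser):
    """Collects ftp: URLs in tag attributes that would carry control bytes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            if name in URL_ATTRS and url.lower().startswith("ftp:"):
                bad = control_bytes(url)
                if bad:
                    self.findings.append((tag, name, url, bad))

def audit_html(html_text):
    """Return (tag, attribute, url, control_bytes) for each suspicious ftp: URL."""
    auditor = FtpUrlAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings

# Constructed sample body; only the first URL is taken from the post.
SAMPLE = """<p>hello</p>
<img src="ftp://someserver/aaaaaaaaaaa%0d%0amore_commands">
<a href="ftp://someserver/pub/readme%20first.txt">ok</a>
<img src="ftp://someserver/x%250d%250ay">
<img src="http://someserver/a%0d%0ab">"""

if __name__ == "__main__":
    for tag, attr, url, bad in audit_html(SAMPLE):
        print(f"<{tag} {attr}> {url!r} control bytes: {[hex(b) for b in bad]}")
```

A mail gateway or HTML sanitizer could use such findings to strip or rewrite the attribute before the message reaches a browser.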