Bugtraq mailing list archives
Re: Lynx CRLF Injection, part two
From: Ulf Harnhammar <ulfh () update uu se>
Date: Fri, 23 Aug 2002 11:24:01 +0200 (CEST)
On Fri, 23 Aug 2002, Alberto Devesa wrote:
The same bug seems to affects to the links browser. I have tested it with the 0.96 version. Links is another console browser with extended capabilities not supported by lynx like frames, colors and menus.
Yes. The enhanced version elinks is also affected. Some versions of links and elinks URL-encode the space character, so you have to use tab characters instead of spaces to exploit this. Both the links and the elinks maintainers were notified on the 13th of August, but as they both live in the Czech Republic, they have been affected by the recent floods in Central Europe. Because of this dilemma, it is possible that they would appreciate a patch for this security hole from some experienced C programmer (unlike myself). // Ulf Harnhammar ulfh () update uu se
Current thread:
- Lynx CRLF Injection, part two Ulf Harnhammar (Aug 22)
- Re: Lynx CRLF Injection, part two Alberto Devesa (Aug 23)
- Re: Lynx CRLF Injection, part two Ulf Harnhammar (Aug 23)
- Re: Lynx CRLF Injection, part two Petr Baudis (Aug 29)
- Re: Lynx CRLF Injection, part two Alberto Devesa (Aug 23)