From: Bill Stewart <stewarts@ix.netcom.com>
To: daw@cs.berkeley.edu
Message Hash: 48609a521c425963d68187fc13ad1ef30f5130ba250eb5994ff3081047563ad5
Message ID: <199602290845.AAA03957@ix4.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1996-02-29 21:50:42 UTC
Raw Date: Fri, 1 Mar 1996 05:50:42 +0800
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 1 Mar 1996 05:50:42 +0800
To: daw@cs.berkeley.edu
Subject: Re: fun with the web and security
Message-ID: <199602290845.AAA03957@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
At 06:38 PM 2/27/96 -0800, you wrote:
>Here's a fun way to exploit security holes via the web:
> http://www.cs.berkeley.edu/~daw/js1.html
>A rough representation of its contents follow.
Well, that was amusing. (It gophered to localhost:25 and sent
some mail and attempted to exploit a traditional sendmail bug.)
I was wondering what would happen, since I'm behind a firewall
and don't _have_ an SMTP listener on port 25, nor does my PC really
do localhost in any useful manner. What happened, of course,
was that Netscape used my proxy settings for gopher,
sent the request to the firewall, and tried to connect to localhost:25 there;
it answered, accepted some mail for delivery, then
503 Need MAIL before RCPT
503 Need MAIL command
500 Command unrecognized
... many of these
500 Command unrecognized
501 Syntax error in parameters scanning "root@localhost"
500 Command unrecognized
500 Command unrecognized
500 Command unrecognized
221 [MY PROXY MACHINE'S NAME]. closing connection
Good stuff. (And I assume the proxy server had the debug hole blocked...)
#--
# Thanks; Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs Pager +1-408-787-1281
Return to February 1996
Return to “Bill Stewart <stewarts@ix.netcom.com>”
1996-02-29 (Fri, 1 Mar 1996 05:50:42 +0800) - Re: fun with the web and security - Bill Stewart <stewarts@ix.netcom.com>