Bugtraq: Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")

From: Denis Jedig <seclists () syneticon de>
Date: Fri, 25 Jul 2003 20:35:55 +0200

http-equiv () excite com wrote:

Content-Type: text/plain;
[...]
<img dynsrc=javascript:alert()><font color=red>foo
The above is a legitimate RFC822 mail message in plain text.Ordinarily one would require an html mail message [Content-Type:text/html;] to parse html and scripting.

Internet Explorer seems to take no offense on Content-Types either -text/plain from a web server is happily rendered as HTML, if it containsvalid tags.


Denis Jedig
syneticon GbR

By Date By Thread

Current thread:

TEXT/PLAIN: ALERT("OUTLOOK EXPRESS") http-equiv () excite com (Jul 25)
- Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS") Denis Jedig (Jul 25)
  - Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS") Kee Hinckley (Jul 26)
  - Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS") pre (Jul 28)
  - Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS") Stephen Cope (Jul 28)
    - Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS") pre (Jul 30)
- Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS") Fabio Pietrosanti (naif) (Jul 28)