Re: Webmail.bellsouth.net security problems

From: Alan Cox (alanat_private)
Date: Wed Aug 26 1998 - 18:51:44 PDT

Next message: dcuppat_private: "Security Hole in Axent ESM"

Previous message: Guezou Philippe: "Re: News DoS using sendsys"
Maybe in reply to: Leonid S. Knyshov: "Webmail.bellsouth.net security problems"
Next in thread: Joe: "Re: Webmail.bellsouth.net security problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> blah
> <a href="Javascript:clickSubmit()">link text here</a>
> blah
> blah
> blah
> </FORM>
>
> Following the link should then submit the form.

That doesnt cover non javascript browsers, so you've just eliminated
the hackers and the blind in one move.

A better approach is to also include a non javascript target that
is a cgi whose sole purpose is to redirect the user on again but
with a clean referrer

Next message: dcuppat_private: "Security Hole in Axent ESM"
Previous message: Guezou Philippe: "Re: News DoS using sendsys"
Maybe in reply to: Leonid S. Knyshov: "Webmail.bellsouth.net security problems"
Next in thread: Joe: "Re: Webmail.bellsouth.net security problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:13:40 PDT