Re: Form insecurity in Netscape

From: Andy Avery (averyat_private)
Date: Wed Nov 04 1998 - 12:54:02 PST

    On Tue, 3 Nov 1998, kelani wrote:
    
    > Date: Tue, 3 Nov 1998 22:25:35 -0500
    > From: kelani <kelaniat_private>
    > To: BUGTRAQat_private
    > Subject: Form insecurity in Netscape
    >
    > *resubmitted with the offending paragraph removed, thanks for your
    > patience, O phearable one.*
    >
    > Greetings all,
    >
    > Apologies if it has already been known or was discussed earlier. I see no
    > mention in the archive, and it's such an obvious thing...
    >
    > In the Netscape Navigator 3.x and Communicator 4.x installations at my
    > school, where all users share a common login, Navigator seems to write a
    > 'nsformXX.tmp' file when a user fills out a form on a webpage. This file
    > contains the fields the user filled in as plaintext, and looks like this:
    
    
     Just poking around and checking things here, I found that there are two
    conditions that *must* be met for this to happen:
    
    #1) The form that is submitted must be a MIME-Encoded form
    (enctype="multipart/form-data" in the <form> tag) as opposed to the
    default of a URL-Encoded form.  (if there's no "enctype" element in a
    <form> tag, it defaults to URL-Encoded)
    
    #2) The environment variable TEMP *must* be set.  This was not the case
    for my setup until I added it in my autoexec.bat and rebooted.
    
      I tested this using Communicator v4.04 on Win95.  When I attempted this
    with a URL-Encoded form, it didn't work.  I tested it using a MIME-Encoded
    form and it still didn't work.  So I set TEMP in autoexec and rebooted.
    Tried it on a URL-Encoded form, and it didn't work.  Tried it on the
    MIME-Encoded form, and a file called nstempCG.tmp showed up in the path
    that I set TEMP to.  Both forms were of my creation on my server here, and
    I just wrote dummy perl scripts to receive the call from the web server.
    
      Hope this helps anyone......
    
    _____________________________________________________________
    Andy Avery                      Systems/Network Administrator
    Auragen Communications, Inc.
    620 Park Ave, Ste. 177          v: 716.242.8759
    Rochester, NY 14607             f: 716.242.0417
    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:08 PDT