Re: The Dangers of Allowing Users to Post Images

From: Jason Bowman (jasonb42at_private)
Date: Thu Aug 02 2001 - 18:50:57 PDT

Next message: SECURITY: "snmpd log files long names problems"

Previous message: Peter Bortas: "Roxen security alert: URL decoding vulnerable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday 31 July 2001 12:40 pm, Dan Harkless wrote:
> Michal Szokolo <msz@kill-spammers.pmp.com.pl> writes:
> > John Percival wrote:
> > > I'm going to try and throw another issue into this discussion now too:
> > > denial of service. We have discussed it for attacking remote servers,
> > > but not for the client viewing the image. It's something else that I
> > > spotted while I was playing around with this issue just now.
> > >
> > > If you have images that include a mailto:meat_private
> > > source, then the default handler for mailto: links is opened up. Be
> > > that Outlook, Netscape Composer, Eudora, or whatever else you care to
> > > use.
> > >
> > > So if someone embedded 100 (arbitrary figure) mailto: images in a page,
> > > then this would do a lot of harm to the user's computer. At best, it
> > > would get very busy for a few minutes creating new emails, and would be
> > > a pain to clear up. At worst, it could bring the whole system crashing
> > > down.
> >
> > Netscape 4.77 crashes at about 50 such IMG tags, IF they are different
> > (simply putting mailto:fakeluser@fakedomain 100 times won't work (opens
> > only 2 message windows)), but if you go with some script... instant
> > crash (try it now free of charge at http://msz.pmp.com.pl/boom/ ;-)).
>
> Sorry for the very late reply to this thread, but in case anybody's
> wondering whether the recently-released 4.78 fixes this bug, it does not.
>
> When I visit the page, though (and perhaps on version 4.78 in general), it
> doesn't crash until you click on the close box for one of the Composer
> windows.
>
> I tested on Win2K Pro.
>

I tried your crash page in the Konqueror browser, KDE 2.1.1 in linux, RH 7.1 
and it did not effect me. 

You should try htp://robynin.com/ for a really annoying script... Not 
exactly a DOS but still fun : )

Jason B.

PS: Netscape 4 users beware of the page I referenced. While in IE the page is 
annoying the way Netscape 4 handles the javascript it can be nasty... similar 
to a DOS.

Next message: SECURITY: "snmpd log files long names problems"
Previous message: Peter Bortas: "Roxen security alert: URL decoding vulnerable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 19:30:48 PDT