Nice find. Dougt just filed this as http://bugzilla.mozilla.org/show_bug.cgi?id=95488 (and has already attached a patch), so all you bugtraq readers don't have to file duplicate reports like you did last time :)

Jesse

Barnaby Gray wrote:

>I tried this out on mozilla, lynx and netscape (all linux) and got the
>following results:
>
>mozilla 0.9.1
>
>Pops up message:
>"Access to the port number given has been disabled for security reasons."
>When I tried to get it to connect to ftp (port 21) - however if you add
>65536 to this value, so try submitting the form to 65557 it doesn't
>complain and will connect to port 21, but gets stuck halfway through
>the transmission, without submitting the evil data. Maybe there is a
>way round that though.
>
>lynx will connect fine without complaint.
>
>netscape communicator (4.77) - couldn't get it to connect even with
>the trick of wrapping the port number round.
>
>Barnaby
>
>On Wed, Aug 15, 2001 at 09:20:19AM +0200, Jochen Topf wrote:
>
>>Some HTML browsers can be tricked through the use of HTML forms into sending
>>more or less arbitrary data to any TCP port.
>>
>..
>
>>Jochen
>>
This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 19:37:37 PDT