Barnaby Gray wrote: > I tried this out on mozilla, lynx and netscape (all linux) and got the > following results: > > mozilla 0.9.1 > > Pops up message: > "Access to the port number given has been disabled for security reasons." For ports below 80. There are a lot of other potentially vulnerable services above 80. pop3 in particular is used by the largest German ISP without password authentication (users are authenticated through their temporary IP address and associated Radius information), so the described pop3 deletion attacks against their users email would very trivial. > When I tried to get it to connect to ftp (port 21) - however if you add > 65536 to this value, so try submitting the form to 65557 it doesn't > complain and will connect to port 21, Which opens the remaining ports... > but gets stuck halfway through > the transmission, without submitting the evil data. Not stuck - unless you send a carefully crafted form faking a ftp session, the ftp server would be waiting for some valid ftp commands to roll in. Sevo -- Sevo Stille sevoat_private
This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 19:38:34 PDT