Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")

From: Denis Jedig (seclistsat_private)
Date: Fri Jul 25 2003 - 11:35:55 PDT

Next message: Tina Bird: "question about oracle advisory"

Previous message: Tjebbe de Winter: "Re: e107 website system Vulnerability"
In reply to: http-equivat_private: "TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")"
Next in thread: Stephen Cope: "Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")"
Next in thread: Fabio Pietrosanti (naif): "Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")"
Reply: Stephen Cope: "Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http-equivat_private wrote:
> Content-Type: text/plain;
> [...]
> <img dynsrc=javascript:alert()><font color=red>foo
> 
> The above is a legitimate RFC822 mail message in plain text. 
> Ordinarily one would require an html mail message [Content-Type: 
> text/html;] to parse html and scripting. 

Internet Explorer seems to take no offense on Content-Types either - 
text/plain from a web server is happily rendered as HTML, if it contains 
valid tags.

Denis Jedig
syneticon GbR

Next message: Tina Bird: "question about oracle advisory"
Previous message: Tjebbe de Winter: "Re: e107 website system Vulnerability"
In reply to: http-equivat_private: "TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")"
Next in thread: Stephen Cope: "Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")"
Next in thread: Fabio Pietrosanti (naif): "Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")"
Reply: Stephen Cope: "Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 25 2003 - 12:36:16 PDT