On Tue, 11 Sep 2001, [Segmen] wrote: > Apologies in advance if this is a known issue. > > I discovered this a few days ago, a friend advised me to submit it to > BugTraq. > > As I'm sure you all know, mailto links do not have to hold just an address, > they can also pass parameters for use as the email Subject and Body. These > parameters takes format > "mailto:username@host.com?Subject=SubjectGoesHere&Body=BodyGoesHere"; . We > can also Hex-Encode characters so we can use > "mailto:username@host.com?Subject=Subject%20Goes%20Here&Body=Body%20Goes%20H > ere" . But we can fit quite a lot of data into the Body field, which means > we can Hex-encode some uuencoded data into there. [ Apologies if the link > wraps ] > I have been experimenting with Internet Explorer 6, and Outlook Express 6 > and have been able to pass some uuencoded files with the mailto. Hmm. And there's the img tag bug that Microsoft declined to fix... Considering that you can force the browser to automatically talk to your mail client and make it start a new email address with <img src=mailto:user@host>, what extra trickery could be done with this? Can you make it send the mail? If so, you could cause a huge DoS simply by making a couple of IE users view a simple web page. -- Charles Cooke, Sysadmin Say it with flowers, send a triffid.
