[20671] in bugtraq
%25c double-parse vulnerability exploitable via email
daemon@ATHENA.MIT.EDU (yehuda)
Wed May 16 13:53:47 2001
Message-ID: <F1DF2E9600D2D4119FF8004033E3F33F0B019B@nyessutton3.essutton.com>
From: yehuda <yehuda@essutton.com>
To: "'bugtraq@securityfocus.com'" <bugtraq@securityfocus.com>
Date: Wed, 16 May 2001 11:58:00 -0400
MIME-Version: 1.0
Content-Type: text/plain
This may be obvious, but even if a server is not accessible to the
internet, you can exploit it via email. All you need is the following
information:
> 1 - an email address on their network. It must be one that someone will
> read, and the person must be using a reader that renders html mail.
> 2 - the hostname or IP of the win2k server
>
> All you need to do is craft an html email to your mail user (see 1 above)
> with the %25c double-parse vulnerability as a url in the mail message.
> (Use an img tag so it will run automatically and attempt to download an
> "image".)
>
> user reads the message, and blammo!
>
If an administrator feels he doesn't need to patch his win2k server
because it's not available on the internet, think again.
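
A mail-gateway style check for the delivery path described in this post, as an added example that is not part of the original message: it flags URLs in auto-loading HTML attributes (such as an img src) that still contain %XX escapes after one round of URL decoding. The function names, the attribute list and the sample mail are constructed for illustration, and the check is a heuristic that can also flag a legitimately encoded literal percent sign.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# A %XX escape that survives one round of URL decoding means the URL
# was encoded twice (for example "%255c" -> "%5c" -> "\").
PCT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")

def is_double_encoded(url):
    """True if the path or query still holds %XX escapes after one decode."""
    parts = urlsplit(url)
    once = unquote(parts.path + "?" + parts.query)
    return bool(PCT_ESCAPE.search(once))

class AutoLoadScanner(HTMLParser):
    """Collects URLs that an HTML mail reader fetches without a click."""
    # Assumed list of (tag, attribute) pairs that trigger automatic requests.
    AUTO_ATTRS = {("img", "src"), ("iframe", "src"), ("script", "src"),
                  ("link", "href"), ("body", "background")}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (tag, name) in self.AUTO_ATTRS:
                self.urls.append(value)

def suspicious_urls(html_body):
    """Return auto-loaded URLs in an HTML mail body that are double-encoded."""
    scanner = AutoLoadScanner()
    scanner.feed(html_body)
    scanner.close()
    return [u for u in scanner.urls if is_double_encoded(u)]

# Constructed sample mail body; hosts and paths are placeholders.
SAMPLE_MAIL = """<html><body>
<p>Quarterly report attached.</p>
<img src="http://www.example.com/logo%20small.gif">
<img src="http://10.0.0.5/images/a%255cb.gif">
<a href="http://10.0.0.5/x%255cy">click</a>
</body></html>"""

if __name__ == "__main__":
    for url in suspicious_urls(SAMPLE_MAIL):
        print("double-encoded auto-load URL:", url)
```

The anchor link in the sample is not reported because it needs a click; only the second img tag is flagged.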