[4169] in bugtraq
Re: Shockwave Security Alert
daemon@ATHENA.MIT.EDU (Joseph Fish)
Fri Mar 14 16:08:17 1997
Date: Fri, 14 Mar 1997 10:49:13 -0500
Reply-To: Joseph Fish <joefish@TRINET.COM>
From: Joseph Fish <joefish@TRINET.COM>
X-To: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SUN.3.94.970314005833.3895A-100000@dfw.dfw.net>
At 1:01 AM -0600 3/14/97, Aleph One wrote:
>http://www.webcomics.com/shockwave/
>
>
> SHOCKWAVE SECURITY ALERT
>
>
>
> AKA :: How to use Shockwave to read people's Netscape email!
>
> 10-Mar-97 --- reported by: David de Vitry
Cool!
The method of getting the e-mail from Netscape is using a command issued to
Netscape via the mailbox: command. This is possible to do in Java as well.
Shockwave's getNetText will not get text from your local drive by itself.
For instance, I cannot get your autoexec.bat file even though I know the
absolute path to it. This is because it is not in a mailbox file accessible
via the mailbox command in Netscape.
Try typing mailbox: in your URL location and pressing return.
You can also type in: javascript: and press return to access a javascript
test thing.
Or news: to open the news window.
Wheeeeee.....
________________________________________________
Joseph Fish "If I could, I would have a
General Manager, direct connection to my brain"
Internet Services
TriNet Services, Inc. 919-833-2247 x233
URL: http://www.trinet.com/ joefish@trinet.com
________________________________________________
