[7764] in bugtraq

Re: Webmail.bellsouth.net security problems

daemon@ATHENA.MIT.EDU (Alan Cox)
Wed Aug 26 21:24:37 1998

Date: 	Thu, 27 Aug 1998 02:51:44 +0100
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To:         rudeyak@YAHOO.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <19980826170037.5159.rocketmail@send1e.yahoomail.com> from "Rude
              Yak" at Aug 26, 98 10:00:37 am

> blah
> <a href="Javascript:clickSubmit()">link text here</a>
> blah
> blah
> blah
> </FORM>
>
> Following the link should then submit the form.

That doesn't cover non-JavaScript browsers, so you've just eliminated
the hackers and the blind in one move.

A better approach is to also include a non-JavaScript target that
is a CGI whose sole purpose is to redirect the user on again but
with a clean referrer.
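
A sketch of the redirector described above, as an added example that is not part of the original post. The `/redir` path, the `u` and `s` parameters and `SECRET` are assumptions; the HMAC-signed target (so the script is not an open redirect) and the `Referrer-Policy` header go beyond what the post says.

```python
import hashlib
import hmac
import html
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients

def sign(target):
    return hmac.new(SECRET, target.encode("utf-8"), hashlib.sha256).hexdigest()

def link_for(target):
    """URL the mail page embeds instead of the raw external link.
    It carries no session data, so the hop has nothing sensitive to leak."""
    return "/redir?" + urlencode({"u": target, "s": sign(target)})

def redirect_response(target, sig):
    """Build (status, headers, body) for one redirector hit."""
    parts = urlsplit(target)
    valid = (hmac.compare_digest(sig.encode("utf-8"), sign(target).encode("utf-8"))
             and parts.scheme in ("http", "https") and bool(parts.netloc))
    if not valid:
        # Unsigned, tampered or non-http(s) targets are refused: no open redirect.
        return "400 Bad Request", [("Content-Type", "text/plain")], "bad link\n"
    safe = html.escape(target, quote=True)
    # An HTML hop rather than a 3xx, so the onward request originates from
    # this page and not from the session-bearing mail page that linked here.
    body = ('<html><head><meta http-equiv="refresh" content="0;url=%s"></head>'
            '<body><a href="%s" rel="noreferrer">Continue</a></body></html>\n'
            % (safe, safe))
    headers = [("Content-Type", "text/html; charset=utf-8"),
               ("Referrer-Policy", "no-referrer"),
               ("Cache-Control", "no-store")]
    return "200 OK", headers, body

def app(environ, start_response):
    """Minimal WSGI entry point standing in for the CGI."""
    q = parse_qs(environ.get("QUERY_STRING", ""))
    status, headers, body = redirect_response(q.get("u", [""])[0], q.get("s", [""])[0])
    start_response(status, headers)
    return [body.encode("utf-8")]
```

It works without script support because the hop is a meta refresh with a plain link as fallback.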
