Re: OBJECT Bugs or Features

Valdis.Kletnieks_at_vt.edu
Date: 06/08/04

Next message: Tom: "[FULL DISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability"

Previous message: Tom: "[FULL DISCLOSURE] ASPDOTNETSTOREFRONT Improper Session Validation"
In reply to: James C Slora Jr: "OBJECT Bugs or Features"
Next in thread: James C Slora Jr: "RE: OBJECT Bugs or Features"
Reply: James C Slora Jr: "RE: OBJECT Bugs or Features"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: James C Slora Jr <Jim.Slora@phra.com>
Date: Mon, 07 Jun 2004 19:49:28 -0400

On Mon, 07 Jun 2004 16:15:47 EDT, James C Slora Jr <Jim.Slora@phra.com> said:

> 2. Should an email client process an OBJECT tag that is not even embedded
> within HTML tags?

> Content-Type: text/html;
> Content-Transfer-Encoding: quoted-printable
>
> ~object
> data=3D"http://www.seductiveones.~biz/easy/orrorr/sock/page.~php"~=20

Well.. at least it's a text/html. Does it work if the Content-Type: is text/plain?

application/pgp-signature attachment: stored

Next message: Tom: "[FULL DISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability"

Previous message: Tom: "[FULL DISCLOSURE] ASPDOTNETSTOREFRONT Improper Session Validation"
In reply to: James C Slora Jr: "OBJECT Bugs or Features"
Next in thread: James C Slora Jr: "RE: OBJECT Bugs or Features"
Reply: James C Slora Jr: "RE: OBJECT Bugs or Features"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

www.derkeiler.com > Mailing-Lists > securityfocus > bugtraq > 2004-06