Re: Operation TIPS

From: iangreen@ao.com.au
Date: 08/19/02


Date: 19 Aug 2002 01:50:39 -0000
From: <iangreen@ao.com.au>
To: vuln-dev@securityfocus.com


In-Reply-To: <Pine.LNX.4.21.0207171036190.3241-100000@0.undisputed.net>

Having looked over the source I only see how it validates the data
the user has supplied themselves. I don't see anywhere that names in
the database are downloaded to the client.

Maybe this would reveal itself if I tried numerous variations on the
URL the form is sent to?

"./insert_sendemail.jsp"

i.e. https://www.citizencorps.gov/citizen/jsp/insert_sendemail.jsp

I have not tried this.

Any further information?

(Of course, this is only for my own educational purposes.)