The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Netscape passes mailbox path and message ID as refferer


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
X-RDate: Mon, 30 Mar 1998 08:53:53 +0600 (ESD)
Date: Sat, 28 Mar 1998 14:28:17 +0100
From: Rop Gonggrijp <[email protected]>
To: [email protected]
Subject: Netscape passes mailbox path and message ID as refferer

This may be old stuff, but it surprised me. I was just made aware that when
someone clicks on a URL in an incoming message while reading mail in
Netscape's reader, at least some versions of Netscape pass Refferer URLs in
the following format to the server serving that URL:

> mailbox:/pbhrzs0/u5_s0/user_e/e99406/nsmail/[email protected]&number=2159429
> mailbox:/Power%20HD/System%20Folder/Preferences/Netscape%20Users/Brian/Mail/Jean%20Michel%[email protected]&number=2
> mailbox:/Harddisk/System%20Folder/Preferences/Netscape%20%C4/Mail/[email protected]&number=307371
> mailbox:/Z|/perso/Mail/[email protected]&number=203034
> mailbox:/home/fklee/nsmail/[email protected]&number=361

Note that in some configurations the user name shows up in the mailbox path,
along with information that might be usable for outside intrusions (such as
Windows share names), and that the message-ID of the E-mail message shows.

Maybe less surprising: It also passes file: URLs including the complete
path if you click in a file that's on disk. This also seems to include, at
least in some cases, the location of the bookmark file, including path.

> file:///c%7C/Program%20Files/Netscape/Users/jurjen_vdbroeck/bookmark.htm


This makes me even more happy to be running Junkbuster.

--
Rop Gonggrijp <[email protected]>

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру