Rip Toren <[EMAIL PROTECTED]> wrote:
> don't follow what the browser does to tie the two (it's input and
> sendmail) together.
It connects, sends all the commands need to send an email, quits, and then
gives an error because the browser didn't get what it was expecting.
> Can you go into more detail about the significance of the LineFeed and
> the SMTP commands?
The linefeed gets past the authentication which the browser would be sending
to the remote server at the time. When connected to an SMTP server, this
would cause an error, which the browser would ignore. Then the SMTP server
would be waiting for commands on the next line, which would be given in the
rest of the URL.
I'm too lazy to type out the URL-encoded example, but from the looks of the
previous example, it'd be easy to lengthen it out to not just connect and
send a linefeed, but to send an entire sequence of SMTP commands and text
to send an email. So I, as a spammer, could embed some irritating URL in a
webpage that would cause you, the client, to send spam for me via your mail
relay. You'd only notice a broken image perhaps, or maybe something with a
weird longassed URL that you'd think odd.
--
Brandon Hume - hume -> BOFH.Halifax.NS.Ca, http://WWW.BOFH.Halifax.NS.Ca/
-> Solaris Snob and general NOCMonkey
-> (Rated M, for Monkey!)
