Netscape passes mailbox path and message ID as refferer

Rop Gonggrijp (rop@ITSX.COM)
Sat, 28 Mar 1998 14:28:17 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: HKirk: "Hole."
Previous message: Peter van Dijk: "easy DoS in most RPC apps"

This may be old stuff, but it surprised me. I was just made aware that when
someone clicks on a URL in an incoming message while reading mail in
Netscape's reader, at least some versions of Netscape pass Refferer URLs in
the following format to the server serving that URL:

> mailbox:/pbhrzs0/u5_s0/user_e/e99406/nsmail/Inbox?id=199802152301.AAA10398@xs2.xs4all.nl&number=2159429
> mailbox:/Power%20HD/System%20Folder/Preferences/Netscape%20Users/Brian/Mail/Jean%20Michel%20Jarre?id=19970825211854.31559@grendel.IAEhv.nl&number=2
> mailbox:/Harddisk/System%20Folder/Preferences/Netscape%20%C4/Mail/Jarre?id=199803172236.XAA18444@xs2.xs4all.nl&number=307371
> mailbox:/Z|/perso/Mail/Inbox?id=199803172236.XAA18444@xs2.xs4all.nl&number=203034
> mailbox:/home/fklee/nsmail/Inbox?id=199803172236.XAA18444@xs2.xs4all.nl&number=361

Note that in some configurations the user name shows up in the mailbox path,
along with information that might be usable for outside intrusions (such as
Windows share names), and that the message-ID of the E-mail message shows.

Maybe less surprising: It also passes file: URLs including the complete
path if you click in a file that's on disk. This also seems to include, at
least in some cases, the location of the bookmark file, including path.

> file:///c%7C/Program%20Files/Netscape/Users/jurjen_vdbroeck/bookmark.htm

This makes me even more happy to be running Junkbuster.

--
Rop Gonggrijp <rop@itsx.com>

Next message: HKirk: "Hole."
Previous message: Peter van Dijk: "easy DoS in most RPC apps"