IIS ASP CDONTS.NEWMAIL server-side script may be fooled into sending forged e-mails
14th Jan 2002 [SBWID-4994]
COMMAND

	IIS ASP CDONTS.NEWMAIL server-side script may be fooled into sending
	forged e-mails

SYSTEMS AFFECTED

	IIS 5.0 ??

PROBLEM

	From David Litchfield's advisory [www.ngssoftware.com]:

	The CDONTS.NEWMAIL used in many ASP based forums does not handle  %0D%0A
	(newline) stripping from  arguments.  Hence  it  is  possible  to  forge
	e-mails via simple mail commands embedded in the  arguments  passed  to
	CDONTS.NEWMAIL.
	

	 Sample:
	 =======


	http://victim/bad_with_email_tag.asp?email=target@dot.com%0D%0Adata%0D%0ASubject:%20Spoofed!%0D%0A%0D%0AHi,%0D%0AThis%20is%20a%20spoofed%20email%0D%0A.%0D%0Aquit%0D%0A

	

SOLUTION

	Strip "newline" characters (CR and LF) from arguments before passing
	them to CDONTS in ASP scripts.
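
	One way to apply this in a classic ASP page, as an added example that
	is not part of the advisory. It assumes the "email" query parameter
	from the sample URL above; the sender address, subject and body are
	placeholders.

```vbscript
<%
' Added example, not code from the advisory or from any affected forum.
' Assumption: the page receives the recipient in the "email" query
' parameter, as in the sample URL above.

' True when the value contains a carriage return or a line feed.
Function HasNewline(ByVal value)
    HasNewline = (InStr(value, vbCr) > 0) Or (InStr(value, vbLf) > 0)
End Function

' Removes CR and LF, for free-text fields that end up in a mail header.
Function StripNewlines(ByVal value)
    StripNewlines = Replace(Replace(value, vbCr, ""), vbLf, "")
End Function

Dim recipient, mail

' ASP has already percent-decoded the query string here, so %0D%0A
' arrives as real CR/LF characters. Trim() removes spaces only.
recipient = Trim(Request.QueryString("email") & "")

' A legitimate address never contains a line break, so refuse the
' request outright instead of silently repairing the value.
If Len(recipient) = 0 Or HasNewline(recipient) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid e-mail address."
    Response.End
End If

Set mail = Server.CreateObject("CDONTS.NewMail")
mail.From = "webmaster@example.com"                      ' placeholder sender
mail.To = recipient
mail.Subject = StripNewlines("Forum notification")       ' placeholder subject
mail.Body = "Placeholder message body."
mail.Send
Set mail = Nothing
%>
```

	Apply the same check to every request value that reaches a CDONTS
	property, not only the recipient.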
