Browsers’ FTP Client can be Used to Send Mail

Both Internet Explorer and Konqueror can be tricked into sending mail through its FTP client without any more user interaction than loading a page.

Vulnerable Systems:
 * Internet Explorer version 6 SP1
 * Konqueror version 3.2

Immune Systems:
 * Mozilla Firefox version 1.0

Both Internet Explorer and Konqueror will accept %0a and %0d in URLs. In FTP URLs, it will accept them in the username part of the URL. Due to the similarity between the FTP and SMTP protocols, this can be used to send mail.

Spammers could host websites that contain images causing website visitors to spam more people. There are probably other protocols that the FTP client could be used to maliciously access.

Leave a Reply