Andrew Zonenberg on Nostr: npub1k2pk2…skhdz Lol I wasn't into browser x-dev. What I did do was chain this with ...
npub1k2pk25uqk7698nw6klprr73dr7s9fwhn8vugpcdxav9x20vpn26qyskhdz (npub1k2p…khdz) Lol I wasn't into browser x-dev.
What I did do was chain this with the fact that the school webmail client (old-at-the-time build of emumail) didn't have good XSS filtering and would happily render most JavaScript in incoming email.
And the SMTP server didn't require auth so it was trivial to spoof mail from any rpi.edu address to any other.
So I could email a classmate "from" a professor or the president or something and run JavaScript in their mail client.
My demo got the point across and they turned on SMTP auth soon after. Retiring the old webmail client took a while but it eventually went away too.
Published at 2024-10-25 09:37:53