Andrew Zonenberg on Nostr: npub1k2pk2…skhdz Lol I wasn't into browser x-dev. What I did do was chain this with ...
npub1k2pk25uqk7698nw6klprr73dr7s9fwhn8vugpcdxav9x20vpn26qyskhdz (npub1k2p…khdz) Lol I wasn't into browser x-dev.
What I did do was chain this with the fact that the school webmail client (old-at-the-time build of emumail) didn't have good XSS filtering and would happily render most JavaScript in incoming email.
And the SMTP server didn't require auth so it was trivial to spoof mail from any rpi.edu address to any other.
So I could email a classmate "from" a professor or the president or something and run JavaScript in their mail client.
My demo got the point across and they turned on SMTP auth soon after. Retiring the old webmail client took a while but it eventually went away too.