joshua stein
via
@jcs@jcs.org
-
Feb 26 2024 21:49:29
For any pentesters out there, I came across this wacky MIME syntax for an e-mail attachment in RFC 2231 that is properly parsed by iOS Mail and other things, but I'm curious if it can make a .exe attachment pass through an e-mail scanning appliance:
Content-Type: application/octet-stream
Content-Disposition: attachment;
filename*0="a.txt";
filename*1=".ex";
filename*2="e";
Which is to be properly decoded as:
Content-Disposition: attachment; filename="a.txt.exe"
Section 4.1 says this encoded syntax is also legal:
Content-Type: application/octet-stream
Content-Disposition: attachment;
filename*=us-ascii'en-us'a.txt%00%2E%65%78%65
iOS Mail displays it as "a.txt<?>.exe" and can't seem to download it. Mutt and FastMail's web interface stop at the null byte and just show "a.txt".