
joshua stein via @jcs@jcs.org (Mastodon) - Feb 26 2024 21:49:29

For any pentesters out there, I came across this wacky MIME syntax for an e-mail attachment in RFC 2231 that is properly parsed by iOS Mail and other things, but I'm curious if it can make a .exe attachment pass through an e-mail scanning appliance:

Content-Type: application/octet-stream
Content-Disposition: attachment;
filename*0="a.txt";
filename*1=".ex";
filename*2="e";

Which is to be properly decoded as:

Content-Disposition: attachment; filename="a.txt.exe"

Section 4.1 says this encoded syntax is also legal:

Content-Type: application/octet-stream
Content-Disposition: attachment;
filename*=us-ascii'en-us'a.txt%00%2E%65%78%65

iOS Mail displays it as "a.txt<?>.exe" and can't seem to download it. Mutt and FastMail's web interface stop at the null byte and just show "a.txt".
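
A defensive check for the two header forms quoted in the post, as an added example that is not part of the original post: it decodes the filename the way an RFC 2231-aware client would (using Python's standard `email` module) and compares it with what a scanner matching only `filename="..."` would see. The sample messages are constructed from the post's headers (folding whitespace added, trailing semicolon dropped); `inspect_attachment`, the regexes and the blocked-extension list are hypothetical.

```python
import email
import re

# Constructed samples modelled on the two headers quoted in the post.
CONTINUED = (
    "Content-Type: application/octet-stream\n"
    "Content-Disposition: attachment;\n"
    ' filename*0="a.txt";\n'
    ' filename*1=".ex";\n'
    ' filename*2="e"\n'
    "\n"
    "body\n"
)
ENCODED = (
    "Content-Type: application/octet-stream\n"
    "Content-Disposition: attachment;\n"
    " filename*=us-ascii'en-us'a.txt%00%2E%65%78%65\n"
    "\n"
    "body\n"
)

# What a scanner sees if it only understands the plain filename="..." form.
NAIVE = re.compile(r'\bfilename="([^"]*)"', re.I)
# RFC 2231 parameter names: filename*, filename*0, filename*1*, ...
RFC2231 = re.compile(r'\bfilename\*(\d+\*?)?\s*=', re.I)
BLOCKED_EXT = {".exe", ".scr", ".js"}  # assumed policy list, not from the post


def inspect_attachment(raw):
    """Compare the RFC 2231-decoded filename with the naively matched one."""
    msg = email.message_from_string(raw)
    header = msg.get("Content-Disposition", "")
    decoded = msg.get_filename() or ""  # stdlib reassembles the RFC 2231 parts
    naive = NAIVE.search(header)
    naive_name = naive.group(1) if naive else None
    # Evaluate the name as-is, truncated at NUL (as Mutt and FastMail show it)
    # and with NUL removed, so that no interpretation escapes the policy.
    names = {decoded, decoded.split("\x00", 1)[0], decoded.replace("\x00", "")}
    exts = {"." + n.rsplit(".", 1)[1].lower() for n in names if "." in n}
    return {
        "decoded": decoded,
        "naive": naive_name,
        "uses_rfc2231": bool(RFC2231.search(header)),
        "control_chars": any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded),
        "mismatch": naive_name != decoded,
        "blocked": bool(exts & BLOCKED_EXT),
    }
```

A filter built this way applies its policy to every interpretation of the name, and can quarantine any message where `mismatch` or `control_chars` is set.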