On Wed, 2009-05-20 at 13:52 +0100, Justin Mason wrote:
> there is another catch, too, for HTML messages -- it's trivial with
> CSS or javascript

That's trivial to do with pure HTML, too, no need for funky tricks some MUAs might not understand or render. Oh, and it actually is even trivial to do with the MIME structure and a spammy text/plain payload.

> to "pad" a HTML page with an initial 500KB of innocuous content, then
> "overwrite"
> that padding with a later chunk of HTML loaded from later in the source.

-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}