lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 22 Jun 2004 11:47:25 -0300
From: "Fabricio A. Angeletti" <hellmind@...ten.daemon.sh>
To: <bugtraq@...urityfocus.com>, <liudieyu@...rella.name>
Subject: Re:  IE/0DAY -> Insider Prototype


Permision Denied
For me
xp full patched sp 1
----- Original Message ----- 
From: <liudieyu@...rella.name>
To: <bugtraq@...urityfocus.com>
Sent: Monday, June 21, 2004 4:35 AM
Subject: IE/0DAY -> Insider Prototype


>
>
> [tested]
> Internet Explorer 6 SP1 running on Windows XP(Home Edition) Service Pack
1a
> Updated on 2004/07/21 GMT+800
>
> [intro]
> "the-insider" exploit was first noticed by the-insider:
>
http://umbrella.name/iebug.com/display-singlemessage.php?readmsg:fulldisclosure_message-2004060050
> and then documented by jelmer:
>
http://umbrella.name/iebug.com/display-singlemessage.php?readmsg:fulldisclosure_message-2004060124
> http://62.131.86.111/analysis.htm
>
> [what is new]
> the exploit is complicated.
>
> i just simplified the exploit and made a very small demo of the xss
> vulnerability:
> http://UMBRELLA.NAME/originalvuln/InsiderPrototype/demo.htm
> i hope it helps those who are confused by tons of code there in the
> exploit.
>
> the prototype is actually extremely simple - and cool.
>
> that's all.
>
> [request your comment on iebug.com]
> btw, what do you think of iebug.com
> http://iebug.com
> ?
> do you prefer just reading selected messages?
> i can make iebug display selected messages only; i can enable all
> visitors to vote for a message - or you have a better idea for
> iebug.com?
>
> please comment on iebug.com and let me know.
>
> iebug.com:
> -----
> Security and Vulnerability Discussion related to Internet Explorer,
> Outlook, Java Virtual Machine and Windows Media Player found at
> bugtraq, full-disclosure and microsoft security bulletin
>
> up-to-hour
> -----
>
> [ps]
> have a nice day,
>
> greetingz fly to: the Pull and dror
> and all real full-disclosure guys, especially: malware and jelmer
> and at last,but not least, all guys who helped improving winblox,
epecially:
> mdc12 and morning_wood
> for contributing their code - it's a shame that i got some goddamned exams
in
> the remaining june.
>
> i deleted all my email messages, please resend your email if i missed.
>
> liu die yu
> http://umbrella.name/
>
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ