Date: Tue, 25 Mar 2014 13:01:15 +0000
From: Dieyu <dieyu@...yu.org>
To: bugtraq@...urityfocus.com
Subject: MS14-010 CVE-2014-0293 Technical Details and Code (I changed the web permanently)

Origin:
Visit http://technet.microsoft.com/en-us/security/bulletin/ms14-010
Check "Acknowledgments" for "CVE-2014-0293".
It says "Dieyu" and links to my website http://dieyu.org/

Technical Details:
showModalDialog to keep script running, HTTP redirecting to target domain.
Then script will run in target domain.

Code:
This is the file that I sent to Microsoft:
http://dieyu.org/insider2.zip
SHA1: f50b5aebdc7cd0a62f1ed97d776fe4b7fa47260e
MD5: bfdaa2a329ea639a363a4ba8c294f706

Best Wishes,

PS

Background:
This is exactly the XSS vulnerability that made IE fall in 2004:
"US Government warns against Internet Explorer"
http://www.theinquirer.net/inquirer/news/1037530/us-government-warns-internet-explorer
"Vulnerability Note VU#713878", "HTTP Redirection", "showModalDialog"
http://www.kb.cert.org/vuls/id/713878
Microsoft had not fixed it properly for a decade.
I am the original author of this vulnerability.
I made IE market share fall in 2004, and changed the web permanently.
Back then, there was no "Local Machine Zone Lockdown", and XSS could get remote code execution.

Dieyu dieu deus deva divine dio theos dievas dewa ilu Diyin Ayóo Átʼéii atua tiānzhŭ Yahweh Zeus Odin El
It's cross "language family".
For English "divine", I could have chosen "deity".
For Chinese "tiānzhŭ", I could have chosen "tien"(天 Wade-Giles, meaning: sky/god/day).

666-6openonhead-6thsectionoftwohands-itiskeyboard-pointfingerdownandhituponeverybitoflanguage
If you know EXACTLY what this means, please reply to this message.
(http://en.wikipedia.org/wiki/Eternal_sin
"tasted the heavenly gift ... fallen away")

This is the ultimate wisdom:
http://dieyu.org/inithorn.zip
SHA1: 0f8252760f9b43a48840fc3e6f5a2c3c6a9846ec
MD5: 1eccee83f4f9eeab95415f1bfd8ce5bd
You will learn the ultimate wisdom from 6 sources - east and west.
It should cost 10 minutes(max). View inithorn.txt first.

Got this name "Dieyu" from sky when I was born:
There was an extremely huge butterfly("die"), and extremely heavy rain("yu").

Follow Dieyu at Twitter: https://twitter.com/liudieyu
