lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: dfbarth at akiva.com (David Bartholomew) Subject: 3 new MS patches next week... but none fix 0x01! Curious. I wondered why I didn't see the little control character marker in there when I pulled this page up like I did with the front page. It's interesting, too, that someone should bother to put this sort of stuff in the form action section - but as a test I went and filled out the initial form with random info, just to see what the whole thing looked like. Figured that maybe they were putting the text in place to 'fill' your status bar so that you couldn't see the real stuff at the end of it. Seemed to be what happened. It seems like so much work to bother with the 0x01 exploit at the beginning of the whole thing, when you could have just as readily done all this with javascript onmouseover events so that unless you looked at the source, the button would have looked totally legit. .dfbarth *** David Bartholomew, MCSE, MCSA, MCP, Net+, A+ Technical Lead - Akiva, Inc. *** -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Paul Szabo Sent: Sunday, January 11, 2004 12:37 AM To: dfbarth@...va.com; full-disclosure@...ts.netsys.com Subject: RE: [Full-Disclosure] 3 new MS patches next week... but none fix 0x01! > ... and I've got this question for the list: > > This really long 'form action' item > http://www.citibank.com:achaaa9uwdtyazjwvwaaaa9p398haaa9uwdtyazjwvwaboundpyw > wgc2l6zt00pjxtvgc2l6zt00pjxywwgc2l6zt00pjxt398haaa9uwdtyazjwvwaaoundpywwgc2l > 6zt00pjxtvgc2l6zt00pjxvgc2l6zt00pjxt@....239.150.170/login/form.php > > obviously contains the 0x01 exploit. What I'm curious about is the HUGE > amount of crap in between the : and the @ sign. I mean, if the 0x01 exploit > is 'good enough', what's with the extra characters? Hmmm... where in there do you see %01? No, that is no 0x01 exploit, but just user:password@...t quasi-RFC-compliant usage. The string is long so as to leave the user staring at the citibank+gibberish part, not to be made suspicious of the @IP part. Cheers, Paul Szabo - psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists