Open Source and information security mailing list archives
Date: Sun, 12 Jun 2011 10:02:15 +1000
From: "-= Glowing Doom =-" <secn3t@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: POC for a simple gmail/possible code injection
 into html which can be executed in an email,
 I will make the PoC code and explain how here and now...

Systems which appear vulnerable: EVERY single one I have tried...

How:

I wrote that sentence, then, I backspaced it and blacked it over with copy,
then, enter url to wherever I want...
There are 3 ways I have found to do this, when I dissected one of them, the
URL/Sentence was full of x41\x41\x41, very strange... because it is still
able to be done 3 ways, and the simplest way does NOT require even html
'link' to section, which is what must be done, although on older emailer systems,
I see that it is simple as backspace over the sentence, then type the url, it
'appears' at first to be a normal deleted sentence, but when I open and
dissect, it shows URL/41/41/41 then all over the email page, same thing ...
I know this might be confusing, I traced the problem to a dll or lib which
is for text editing, and that dll is a VERY common one on any system, so far
not one mailing system has NOT had this vuln... yet, I have seen another
'version' of this attack type, but, they can ONLY spoof a URL... This one,
you can make the whole email a url... I will do this right now..


PoC1.
Ok, this is a PoC , this actual whole sentence...<http://www.lemonparty.biz>


PoC 2:

I wrote that sentence, then, I backspaced it and blacked it over with copy,
then, enter url to wherever I want... There are 3 ways I have found to do this,
when I dissected one of them, the URL/Sentence was full of x41\x41\x41,
very strange... because it is still able to be done 3 ways, and the simplest
way does NOT require even html 'link' to section, which is what must be done,
although on older emailer systems, I see that it is simple as backspace over
the sentence, then type the url, it 'appears' at first to be a normal
deleted sentence, but when I open and dissect, it shows URL/41/41/41 then
all over the email page, same thing ... I know this might be confusing, I
traced the problem to a dll or lib which is for text
editing<http://www.goggle.com>

Content of type "text/html" skipped
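
For readers triaging mail like the two PoCs above, the following is an added example (not part of the original post) that lists every anchor in a message's text/html part and flags link text that is ordinary prose or that names a different host than the href. The sample message, the hostnames, the finding labels and the `max_words` threshold are all constructed assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

class AnchorAudit(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a>
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def audit(raw_message, max_words=8):
    """Return (reason, href, text) for anchors whose text hides or misstates the target."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        parser = AnchorAudit()
        parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href, text in parser.links:
            host = (urlparse(href).hostname or "").lower()
            shown = re.search(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", text, re.I)
            if shown and shown.group(1).lower() != host:
                findings.append(("text-names-other-host", href, text))
            elif len(text.split()) > max_words:   # a whole sentence is the link
                findings.append(("prose-wrapped-in-link", href, text))
    return findings

# Constructed sample message (not taken from the post).
SAMPLE = """MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b"

--b
Content-Type: text/html; charset=utf-8

<p><a href="http://target.example/">Ok, this is a PoC, this actual whole sentence that reads like ordinary text</a></p>
<p><a href="http://other.example/x">www.bank.example</a> <a href="http://ok.example/">ok.example</a></p>
--b--
"""
```

The host comparison is an exact match, so link text such as `www.ok.example` over an `ok.example` href would also be reported and needs a human look.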
