| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 12 Jun 2011 12:14:28 +1000
From: "-= Glowing Doom =-" <secn3t@...il.com>
To: adam <adam@...sy.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: POC for a simple gmail/possible code
injection into html wich can be executed in an email,
i will make the PoC code and explain how here and now...
Thats why i the people who do understand it, can see that it is there...
yes, VERY hard to expalin, id LOVE to see you try.
On 12 June 2011 12:11, adam <adam@...sy.net> wrote:
> Furthermore, pretending that we [the readers] are somehow at fault here
> (for not understanding) isn't going to get you very far. The only thing
> consistent in this entire thread is that people *kind of* want to know
> what you're talking about, but aren't able to due to the poor writing style
> and spelling/grammar errors.
>
> It should be noted that no one is being anal about typos, I fully
> understand that people make mistakes. The difference is that it appears you
> didn't even so much as proof read the original email.
>
>
> On Sat, Jun 11, 2011 at 9:04 PM, phocean <0x90@...cean.net> wrote:
>
>> Hi n3td3v... oops!... secn3t (that is close),
>>
>> Sorry but I don't understand anything to this thread.
>> Each of your emails is such a pain to read, that I stop at the first
>> sentence.
>> We are all busy and don't want to take 20 min to decipher your writing
>> with the risk that it is not deserving it.
>> Please clarify and give consistent technical facts.
>>
>> Thanks.
>>
>> Le 12/06/2011 03:33, -= Glowing Doom =- a écrit :
>> > This is NOT coded.. the PoC i am explaining, is possible with simply
>> > copyying text,then using a sequence of keys, to make the actual
>> > sentence/s, appear.
>> > This code is not what shows up when it is dissected.
>> > It shows up with many x41 all over the email when it is done properly .
>> > Regards.
>> >
>> >
>> >
>> > On 12 June 2011 11:29, Christian Sciberras <uuf6429@...il.com
>> > <mailto:uuf6429@...il.com>> wrote:
>> >
>> > For those lazy enough to search:
>> >
>> >
>> https://www.owasp.org/index.php/The_CSRSS_Backspace_Bug_still_works_in_windows_2003_sp1
>> >
>> >
>> > Excerpt:
>> >
>> > Basicaly just compile this and you will get a 100% processor usage
>> > by the compiled exploit and Csrss.exe
>> >
>> > #include <stdio.h>
>> > int main(void)
>> > {
>> > while(1)
>> > printf("\t\t\b\b\b\b\b\b");
>> > return 0;
>> > }
>> >
>> >
>> > How this helps in sending spam is beyond me.
>> >
>> >
>> >
>> > On Sun, Jun 12, 2011 at 3:18 AM, Jeffrey Walton <noloader@...il.com
>> > <mailto:noloader@...il.com>> wrote:
>> >
>> > On Sat, Jun 11, 2011 at 9:06 PM, -= Glowing Doom =-
>> > <secn3t@...il.com <mailto:secn3t@...il.com>> wrote:
>> >
>> > > It is now, over 1yr old atleast and exists in riched20.dll.
>> > > This PoC info is over for me also.
>> > Microsoft had problems with a backspace in the past. Search for
>> > "CSRSS
>> > Backspace Bug".
>> >
>> > > [SNIP
>> >
>> > Jeff
>> >
>> > _______________________________________________
>> > Full-Disclosure - We believe in it.
>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> > Hosted and sponsored by Secunia - http://secunia.com/
>> >
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > Full-Disclosure - We believe in it.
>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> > Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>> --
>> phocean
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists