lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 12 Jun 2011 13:13:39 +1000
From: "-= Glowing Doom =-" <secn3t@...il.com>
To: jrd@...desas.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: POC for a simple gmail/possible code
 injection into html wich can be executed in an email,
 i will make the PoC code and explain how here and now...

done.. bye!


On 12 June 2011 13:12, -= Glowing Doom =- <secn3t@...il.com> wrote:

> Yet i now stop... enjoy your pathetic,useless luist.. i will now
> unsubscribe :)
> thanks.
>
>
>
> On 12 June 2011 13:09, -= Glowing Doom =- <secn3t@...il.com> wrote:
>
>> Here again....
>>
>> I will write a sentence now, and, i will just copy, so it is 'darkened'
>> text , then with NO backspace just leave the text darkened, and goto 'link'
>> , and enter a link.. the text will turn to red.
>>
>>
>> (this is the easiest way to reproduce it...) <http://www.haxxor-NOT.bs>
>>
>>
>>
>>
>>
>> On 12 June 2011 13:07, -= Glowing Doom =- <secn3t@...il.com> wrote:
>>
>>> I should have said just 'copy, then hit link... because the other one, is
>>> actually VERY hard to explain..but yes... backspace... has a bug with
>>> emails. Is this so hard for 500000 ppl to understand ?
>>> I am really shocked at the brubbish talk i have copped from this.
>>>
>>>
>>>
>>> On 12 June 2011 13:06, -= Glowing Doom =- <secn3t@...il.com> wrote:
>>>
>>>> Do the research... then call yourself a 'team'...please :s
>>>>
>>>> The PoC, is easy as hell to reproduce. I am shocked a team, cannot do
>>>> it..
>>>>
>>>> even the easy one wich is just copy/backspace, and, hit link and enter a
>>>> link!
>>>> simple ?
>>>>
>>>>
>>>>
>>>> On 12 June 2011 12:52, Haxxor Security <h@...r.se> wrote:
>>>>
>>>>> As I (painfully tried to) understand it, secn3t can fool his own email
>>>>> client to create malformed links by pressing backspace...
>>>>>
>>>>>
>>>>> 2011/6/12 adam <adam@...sy.net>
>>>>>
>>>>>> At the end of the day, you're going to be treated like a child as long
>>>>>> as you continue to type like one.
>>>>>>
>>>>>> The entertaining part for me is how each of your replies contradicts a
>>>>>> previous one. According to you, this *vulnerability* *has existed for
>>>>>> years*. And also according to you, the reason why the original email
>>>>>> was filled with spelling errors is because it *was rushed out due to
>>>>>> you being "awake" at 6AM.* Do you see the inconsistency between those
>>>>>> two statements? Your response to Christian also indicated that you* *
>>>>>> *didn't just discover this*.
>>>>>>
>>>>>> IF this is an old vulnerability and IF you've known about it for an
>>>>>> extended period of time - WHY did you have to post it right when you did?
>>>>>> It's old, you've known about it for a while, it's existed for years, yet it
>>>>>> couldn't wait until later in the day? It couldn't wait until you had time to
>>>>>> skim over the email and correct any spelling/grammar mistakes? It absolutely
>>>>>> had to be posted right then and there?
>>>>>>
>>>>>> On Sat, Jun 11, 2011 at 9:14 PM, -= Glowing Doom =- <secn3t@...il.com
>>>>>> > wrote:
>>>>>>
>>>>>>> Thats why i the people who do understand it, can see that it is
>>>>>>> there... yes, VERY hard to expalin, id LOVE to see you try.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 12 June 2011 12:11, adam <adam@...sy.net> wrote:
>>>>>>>
>>>>>>>> Furthermore, pretending that we [the readers] are somehow at fault
>>>>>>>> here (for not understanding) isn't going to get you very far. The only thing
>>>>>>>> consistent in this entire thread is that people *kind of* want to
>>>>>>>> know what you're talking about, but aren't able to due to the poor writing
>>>>>>>> style and spelling/grammar errors.
>>>>>>>>
>>>>>>>> It should be noted that no one is being anal about typos, I fully
>>>>>>>> understand that people make mistakes. The difference is that it appears you
>>>>>>>> didn't even so much as proof read the original email.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Sat, Jun 11, 2011 at 9:04 PM, phocean <0x90@...cean.net> wrote:
>>>>>>>>
>>>>>>>>> Hi n3td3v... oops!... secn3t (that is close),
>>>>>>>>>
>>>>>>>>> Sorry but I don't understand anything to this thread.
>>>>>>>>> Each of your emails is such a pain to read, that I stop at the
>>>>>>>>> first
>>>>>>>>> sentence.
>>>>>>>>> We are all busy and don't want to take 20 min to decipher your
>>>>>>>>> writing
>>>>>>>>> with the risk that it is not deserving it.
>>>>>>>>> Please clarify and give consistent technical facts.
>>>>>>>>>
>>>>>>>>> Thanks.
>>>>>>>>>
>>>>>>>>> Le 12/06/2011 03:33, -= Glowing Doom =- a écrit :
>>>>>>>>> > This is NOT coded..  the PoC i am explaining, is possible with
>>>>>>>>> simply
>>>>>>>>> > copyying text,then using a sequence of keys, to make the actual
>>>>>>>>> > sentence/s, appear.
>>>>>>>>> > This code is not what shows up when it is dissected.
>>>>>>>>> > It shows up with many x41 all over the email when it is done
>>>>>>>>> properly .
>>>>>>>>> > Regards.
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> > On 12 June 2011 11:29, Christian Sciberras <uuf6429@...il.com
>>>>>>>>> > <mailto:uuf6429@...il.com>> wrote:
>>>>>>>>> >
>>>>>>>>> >     For those lazy enough to search:
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> https://www.owasp.org/index.php/The_CSRSS_Backspace_Bug_still_works_in_windows_2003_sp1
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >     Excerpt:
>>>>>>>>> >
>>>>>>>>> >     Basicaly just compile this and you will get a 100% processor
>>>>>>>>> usage
>>>>>>>>> >     by the compiled exploit and Csrss.exe
>>>>>>>>> >
>>>>>>>>> >     #include <stdio.h>
>>>>>>>>> >     int main(void)
>>>>>>>>> >     {
>>>>>>>>> >     while(1)
>>>>>>>>> >     printf("\t\t\b\b\b\b\b\b");
>>>>>>>>> >     return 0;
>>>>>>>>> >     }
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >     How this helps in sending spam is beyond me.
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >     On Sun, Jun 12, 2011 at 3:18 AM, Jeffrey Walton <
>>>>>>>>> noloader@...il.com
>>>>>>>>> >     <mailto:noloader@...il.com>> wrote:
>>>>>>>>> >
>>>>>>>>> >         On Sat, Jun 11, 2011 at 9:06 PM, -= Glowing Doom =-
>>>>>>>>> >         <secn3t@...il.com <mailto:secn3t@...il.com>> wrote:
>>>>>>>>> >
>>>>>>>>> >         > It is now, over 1yr old atleast and exists in
>>>>>>>>> riched20.dll.
>>>>>>>>> >         > This PoC info is over for me also.
>>>>>>>>> >         Microsoft had problems with a backspace in the past.
>>>>>>>>> Search for
>>>>>>>>> >         "CSRSS
>>>>>>>>> >         Backspace Bug".
>>>>>>>>> >
>>>>>>>>> >         > [SNIP
>>>>>>>>> >
>>>>>>>>> >         Jeff
>>>>>>>>> >
>>>>>>>>> >         _______________________________________________
>>>>>>>>> >         Full-Disclosure - We believe in it.
>>>>>>>>> >         Charter:
>>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>> >         Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> > _______________________________________________
>>>>>>>>> > Full-Disclosure - We believe in it.
>>>>>>>>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>> > Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> phocean
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Full-Disclosure - We believe in it.
>>>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Full-Disclosure - We believe in it.
>>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Full-Disclosure - We believe in it.
>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Full-Disclosure - We believe in it.
>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>
>>>>
>>>>
>>>
>>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ