lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <FCAD9F541A8E8A44881527A6792F892C307B54__9558.42550979487$1089774088$gmane$org@owa.eeye.com>
Date: Mon, 12 Jul 2004 15:11:48 -0700
From: "Drew Copley" <dcopley@...e.com>
To: <1@...ware.com>, <bugtraq@...urityfocus.com>
Cc: <NTBugtraq@...tserv.ntbugtraq.com>
Subject: RE:  Re: HijackClick 3


 

> -----Original Message-----
> From: http-equiv@...ite.com [mailto:1@...ware.com] 
> Sent: Monday, July 12, 2004 12:06 PM
> To: bugtraq@...urityfocus.com
> Cc: NTBugtraq@...tserv.ntbugtraq.com
> Subject: Re: HijackClick 3
> 

<snip>

> This is absolutely fantastic Paul, with a patented double-click 
> of the mouse we can remotely take over the target's computer:
> 
> Just substitute as follows:
> 
> 1. <img src="greyhat.html" id=anch 
> onmousedown="parent.nsc.style.width=2000;parent.nsc.style.height=
> 2000;parent.pop.show(1,1,1,1);parent.setTimeout('showalert
> ()',3000);" style="width=168px;height=152px;background-image:url
> ('youlickit.gif');cursor:hand" title="click me!"></a>
> 
> 2. location="shell:favorites\\greyhat[1].htm"
> 
> Someone was querying the other day whether shell in Internet 
> Explorer poses a problem [despite repeated demonstrations]. 
> Pah ! Probably not.
> 
> Quick and Dirty Working Demo:
> 
> http://www.malware.com/paul.html

Just to add... this, too, works on using shell.application,
a bug which has been open for around ten months. 

In fact, I don't think there has been a bug in about ten
months (coincidentally) that does not rely on either Jelmer's
adodb bug or your shell.application bug.

Microsoft can remove the threat from all users right now, today,
and issue a fix. We won't see criminals using these things
to grab people's money tommorrow. We won't see hundreds of articles
critical of their browser. We won't see devious, targetted
attacks on bank employees or anyone else.

Remove the escalating security holes, and you remove the
ones that depend on it. They then might only serve some use
for phishers and the like, people who are only minorly more
successful using such exploits over using straight cons.

 

> -- 
> http://www.malware.com
> 
> 
> 
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ