| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Jul 2004 15:30:08 -0400 From: "James C. Slora, Jr." <james.slora@...a.com> To: <bugtraq@...urityfocus.com>, "Windows NTBugtraq Mailing List" <NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM> Subject: Find the tag continued Takeoff from http-equiv's notes about closing > By design, unprocessable HTML tags and tag parameters are ignored during parsing. An amazing amount of worthless obfuscating stuff can be inserted before the closing > of a valid tag, and the parameters for the tag can be tough to find. Mail filtering and human review of unwanted stuff like object and iframe tags might get fooled. Here is a funnier example of tag obfuscation, plus an odd interactive rendering of the message. It uses http-equiv's Paul.html for its object data source. Paste the stuff below into a text file named message.eml and open it in Outlook Express. Forward it to Outlook for more of the same fun. Add alternate text for non-html readers, and it could be even more funny. Mix in some auto-execute silliness to taste. It will already execute if forwarding while using Word as the email editor. ---> Copy everything below this line <--- Content-Type: text/html; As part of ongoing security efforts, Big Internet Software Company is conducting a gullibility test. Forward this to all your friends to see if they click the link. You will receive twenty dollars from them for every friend you can fool.<br> <br>This message will now check for your software's compatibility with this test.<hemo><poisoning><spamsux><hidden><bury> <object << <img << <html <<< </body </html Enlarge your nostrils - she will thank you for it. This is a dull message designed to distract you from the tag completion down below if you are a mail administrator who is looking at the source of a spam message to see if there is anything fishy in it, or if you are a mail screening program that wants to look for the closing of the object tag but is only willing to look so far to avoid munching all the CPU time that is available searching for closing tags. You can ramble on and on and on yet still remain within the object tag until you finally come to an > closing element. I wonder what the limit might be? Object just goes and goes and goes. You could probably put an encyclopedia in here. ****************************** Such ridiculous lengths made me wonder if eventually you must overflow a buffer. But 48MB worth of garbage did not cause any problems - it just took longer to display. ****************************** Insert additional garbage here ad nauseum. If you do not wish to receive similar messages in the future, please send a blank message to mailto:nostrilenlargement@...ckyourfingerinit.com, or use this unsubscribe link: data=3D"http://www.malware.com/paul.html" <A HREF="www.widowsupdate.comm"> <br><br> *********SORRY*********** <br><br> Your mail client does not support the ActiveX control required to participate in this test. You may still collect twenty dollars for each of your friends that clicks.<br><br> If you do not wish to participate in future tests, <br>please send a blank message to <br>mailto:nostrilenlargement@...ckyourfingerinit.comm, <br>or use this unsubscribe link: "http://www.pickledherring.orgg/page.php"
Powered by blists - more mailing lists