lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 04 Oct 2007 09:04:06 -0700
From: Greg Rubin <grrubin@...il.com>
To: bugtraq@...urityfocus.com
Subject: Re: 0day: mIRC pwns Windows

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
I am still unable to replicate.  It launches FireFox (2.0.0.7) for me
on my system and yeilds the error page "Firefox can't find the server
at %xx..."

If I replace the "%xx" with a null byte (inspired by the recent
protocol handler problems in FF), then it still doesn't work, as per
the mIRC string: http: $+ $chr(0) $+
../../../../../../../../../../../windows/system32/calc.exe"

So far, with various permutations of protocol handlers and odd
characters, I can't reproduce this.

Greg

3APA3A wrote:
> Dear Gavin Hanover,
>
> In  this  very  case  it's  really seems to be mIRC problem ("unfiltered
> shell  characters"). It doesn't depend on URL handler and will work with
> any valid URL handler. You can reproduce same vulnerability by entering
>
>  http:%xx../../../../../../../../../../../windows/system32/calc.exe".bat
>
> Exploitable under Windows XP, not exploitable under Vista.
>
> --Wednesday, October 3, 2007, 11:59:45 PM, you wrote to
jinc4fareijj@...mail.com:
>
> GH> is this a mirc bug or a mail client bug?
>
>>> mailto:%xx../../../../../../../../../../../windows/system32/calc.exe".bat
>>>
>


- --
Greg Rubin
grrubin@...il.com
GPG: 0x79D0A517

(Interested in encrypting your email? Please ask me how.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iD8DBQFHBQ715KDU23nQpRcRAm4UAKCv4xq/V4pz+uAlPBmb06yEGN4MKQCg7lk1
9JOhTzWLeJs/N4OCjSRuNKk=
=//Ll
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ