Message-ID: <33637.66.58.158.195.1063326818.squirrel@www.nothotmail.org>
From: meme-boi at nothotmail.org (meme-boi)
Subject: RE:Internet explorer 6 on windows XP allows exection of arbitrary code ( and opera and Mozilla too)
>WORKAROUND :
>Disable active scripting or do "the sensible thing" and pick another
>browser such as the excellent mozilla firebird.
Mozilla ...
<script language="Javascript">
t = new Packages.sun.plugin.javascript.navig5.JSObject(1,1);
</script>
hmmm
or
http://drorshalev.brinkster.net/dev/memeboi/werd.html
Both serious issues mozilla has yet to fix.
Or we can look at Opera and conclude that no graphical browser is safe:
/usr/bin/opera: line 138: 1289 Segmentation fault
"${BINARYDIR}/opera" "${@}"
"${BINARYDIR}/opera" "${@}"
(gdb) /opt/opera/lib/opera/plugins/operamotifwrapper: error while loading
shared libraries: libXm.so.2: cannot open shared object file: No such file
or directory
(gdb) backtrace
#0 0x21ad4397 in waitpid () from /lib/libc.so.6
#1 0x080777f6 in kill_pid ()
#2 0x080767a3 in wait_for ()
#3 0x080687c6 in execute_command_internal ()
#4 0x0806c0a7 in execute_command ()
#5 0x0805d48c in reader_loop () <---murder loop
#6 0x0805b8a0 in main ()
#7 0x21a407a6 in __libc_start_main () from /lib/libc.so.6 <--redrum lib
(gdb) info reg
eax 0xfffffe00 -512
ecx 0x5da26398 1570923416
edx 0x0 0
ebx 0xffffffff -1
esp 0x5da2635c 0x5da2635c
ebp 0x5da26378 0x5da26378
esi 0x0 0
edi 0xffffffff -1
eip 0x21ad4397 0x21ad4397
eflags 0x246 582
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x0 0
orig_eax 0x72 114
(gdb) disass $eip-0x20 $eip+0x20
Dump of assembler code from 0x21ad4377 to 0x21ad43b7:
0x21ad4377 <waitpid+23>: mov $0x7,%dh
0x21ad4379 <waitpid+25>: add %cl,0x2b88b3(%ebx)
0x21ad437f <waitpid+31>: add %cl,0xf685087d(%ebx)
0x21ad4385 <waitpid+37>: jne 0x21ad43be <waitpid+94>
0x21ad4387 <waitpid+39>: mov 0xc(%ebp),%ecx
0x21ad438a <waitpid+42>: mov 0x10(%ebp),%edx
0x21ad438d <waitpid+45>: push %ebx
0x21ad438e <waitpid+46>: mov %edi,%ebx
0x21ad4390 <waitpid+48>: mov $0x72,%eax
0x21ad4395 <waitpid+53>: int $0x80
0x21ad4397 <waitpid+55>: pop %ebx
0x21ad4398 <waitpid+56>: cmp $0xfffff000,%eax
0x21ad439d <waitpid+61>: mov %eax,%esi
0x21ad439f <waitpid+63>: ja 0x21ad43ae <waitpid+78>
0x21ad43a1 <waitpid+65>: mov %esi,%eax
0x21ad43a3 <waitpid+67>: mov 0xfffffff4(%ebp),%ebx
0x21ad43a6 <waitpid+70>: mov 0xfffffff8(%ebp),%esi
0x21ad43a9 <waitpid+73>: mov 0xfffffffc(%ebp),%edi
0x21ad43ac <waitpid+76>: leave
0x21ad43ad <waitpid+77>: ret
0x21ad43ae <waitpid+78>: neg %esi
0x21ad43b0 <waitpid+80>: call 0x21a40980 <__errno_location>
0x21ad43b5 <waitpid+85>: mov %esi,(%eax)
Time to revert to command line !
I speak about this on the mighty bugtraq but no one listen. not even friend
9or.
Anyways. I have to go clean the floor at walmart.
ninjas are bad