lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20041004193713.49001.qmail@web25002.mail.ukl.yahoo.com>
From: contact_jamie_fisher at yahoo.co.uk (jamie fisher)
Subject: XSS in "Spyware installs with no interaction in IE on fully patchedXP SP2 box"

"'>&view=date&page=&cat=&name=blue+biohazard.zip">http://themexp.org//preview.php?mid=72936&type=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;poo%26quot;)>&view=date&page=&cat=&name=blue+biohazard.zip
 
Above is a measly example of XSS - upload any file you like if you want to the site with XSS; seems to be open to all sorts - but I just spidered the web app and there appears to be quite a number of scripts that are pushing the applications down your wire...  Not 100% sure but I'd guess that since this is seems to be the sort of site people would visit to get their windows wares it stands to reason that someone would upload a file like in the example above in order to do...  I haven't had the opportunity to see where the .cab is being pushed from - whether on site or off.  Would it be worth investigating?
 
Cheers

Willem Koenings <isec@...ope.com> wrote:

hi, 

> > I was unable to verify it, since I don't use IE, and would prefer not 
> > infecting myself on accident, however I did run across this: 
> > 
> > http://themexp.org/about_wrap.php 
> > 
> > Perhaps one of the themes you downloaded was bundled with the spyware? 
> 
> two tiny links from there: 
> 
> http://WWW.addictivetechnologies.net/dm0/js/Confirm80wu03rd.js 
> http://www.addictivetechnologies.net/DM0/cab/ATPartners.cab 

btw, old trusty IE 5.01 + manually configured security settings =
no problem at all. either XP+SP2 broke seriously something in IE
or Geraldo Rivera has just poorly configured internet setting.

W.
-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

		
---------------------------------
 ALL-NEW Yahoo! Messenger - all new features - even more fun!  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041004/ec6c79a0/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ