lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <60960ADF05853443B76D8A41603C5F8907DC41CB@NASEV05.hca.corpad.net>
Date: Mon, 19 Mar 2007 07:27:36 -0500
From: "Tucker Jeff" <Jeff.Tucker@...Healthcare.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: unsubscribe

unsubscribe


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
full-disclosure-request@...ts.grok.org.uk
Sent: Monday, March 19, 2007 7:00 AM
To: full-disclosure@...ts.grok.org.uk
Subject: Full-Disclosure Digest, Vol 25, Issue 27

Send Full-Disclosure mailing list submissions to
	full-disclosure@...ts.grok.org.uk

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
	full-disclosure-request@...ts.grok.org.uk

You can reach the person managing the list at
	full-disclosure-owner@...ts.grok.org.uk

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."


Note to digest recipients - when replying to digest posts, please trim
your post appropriately. Thank you.


Today's Topics:

   1. Web Security and Bookmarklet Exploits (pdp (architect))
   2. [SECURITY] [DSA 1269-1] New lookup-el packages	fix insecure
      temporary file (Martin Schulze)
   3. nac-gaf spam attacks (Steve Cooperman)
   4. [ GLSA 200703-17 ] ulogd: Remote execution of	arbitrary code
      (Raphael Marichez)
   5. [ GLSA 200703-18 ] Mozilla Thunderbird: Multiple
      vulnerabilities (Raphael Marichez)
   6. [ GLSA 200703-19 ] LTSP: Authentication bypass in	included
      LibVNCServer code (Raphael Marichez)
   7. [ GLSA 200703-20 ] LSAT: Insecure temporary file	creation
      (Raphael Marichez)
   8. Re: [WEB SECURITY] GMail Contact Information	Disclosure PoC
      (chris@...tsrightrecords.com)


----------------------------------------------------------------------

Message: 1
Date: Sun, 18 Mar 2007 08:58:20 +0000
From: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
Subject: [Full-disclosure] Web Security and Bookmarklet Exploits
To: full-disclosure@...ts.grok.org.uk, "WASC Forum"
	<websecurity@...appsec.org>,	"webappsec @OWASP"
	<webappsec@...ts.owasp.org>
Message-ID:
	<6905b1570703180158q6f58e756s1b9b41027180150@...l.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

http://www.gnucitizen.org/blog/sex-candies-and-bookmarklet-exploits
http://www.gnucitizen.org/projects/technika/

I have rolled out a new Technika browser extension. It is very small
and extremely fast. Technika also integrates with Firebug, so you can
easily test and compose Bookmarklets on the fly. The article that I
pointed above discusses how Bookmarklets can be used to compose web
app exploits. There is a framework similar to metasploit that will
come out very soon. I thought that it might be a good idea to share
these ideas now, so the community knows what to expect in the future.
Thanks.

-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org



------------------------------

Message: 2
Date: Sun, 18 Mar 2007 18:37:56 +0100 (CET)
From: joey@...odrom.org (Martin Schulze)
Subject: [Full-disclosure] [SECURITY] [DSA 1269-1] New lookup-el
	packages	fix insecure temporary file
To: debian-security-announce@...ts.debian.org (Debian Security
	Announcements)
Message-ID: <20070318173756.A37E7100E1@...landia.home.infodrom.org>
Content-Type: text/plain; charset=iso-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-
------------------------------------------------------------------------
--
Debian Security Advisory DSA 1269-1
security@...ian.org
http://www.debian.org/security/                             Martin
Schulze
March 18th, 2007
http://www.debian.org/security/faq
-
------------------------------------------------------------------------
--

Package        : lookup-el
Vulnerability  : insecure temporary file
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2007-0237

Tatsuya Kinoshita discovered that Lookup, a search interface to
electronic dictionaries on emacsen, creates a temporary file in an
insecure fashion when the ndeb-binary feature is used, which allows a
local attacker to craft a symlink attack to overwrite arbitrary files.

For the stable distribution (sarge) this problem has been fixed in
version 1.4-3sarge1.

For the testing distribution (etch) this problem has been fixed in
version 1.4-5.

For the unstable distribution (sid) this problem has been fixed in
version 1.4-5.

We recommend that you upgrade your lookup-el package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

 
http://security.debian.org/pool/updates/main/l/lookup-el/lookup-el_1.4-3
sarge1.dsc
      Size/MD5 checksum:      585 2daf45b112f1b688658faf610308962e
 
http://security.debian.org/pool/updates/main/l/lookup-el/lookup-el_1.4-3
sarge1.diff.gz
      Size/MD5 checksum:     7115 f27e58e4ea0df6b08e808624a8fcb4e2
 
http://security.debian.org/pool/updates/main/l/lookup-el/lookup-el_1.4.o
rig.tar.gz
      Size/MD5 checksum:   349751 05d12aa8921969b449a6f2a47bb00247

  Architecture independent components:

 
http://security.debian.org/pool/updates/main/l/lookup-el/lookup-el_1.4-3
sarge1_all.deb
      Size/MD5 checksum:   228002 30c9393256c1029e3742892e3bc16a6f


  These files will probably be moved into the stable distribution on
  its next update.

-
------------------------------------------------------------------------
---------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and
http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF/Xj0W5ql+IAeqTIRAofWAJ4m3KwS80yMHa+SdKSWRF9bK3A/IwCeKebE
0IJmw3+CLfosO3982ZdVry4=
=czbW
-----END PGP SIGNATURE-----



------------------------------

Message: 3
Date: Sun, 18 Mar 2007 16:56:44 -0400
From: "Steve Cooperman" <worried@...il.com>
Subject: [Full-disclosure] nac-gaf spam attacks
To: full-disclosure@...ts.grok.org.uk
Message-ID:
	<a50eeaa10703181356q53f983dbh65edc5266d04af0b@...l.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Good Afternoon,
I'm seeing wide-spread spam attacks across several different shared
hosting
servers, operated by multiple companies. The attacks forge emails on the
fly, and follow a pattern. The spam first takes the client's domain
name,
for example, plastic.com. Then adds the word "nac" to the beginning, and
"gaf" to the end, making the from email address
nacplasticgaf@...stic.com .
If the domain were rockin.com, the email would be
nacrockingaf@...kin.com .
Byob.com, nacbyobgaf@...b.com, etc.

Has anyone else noticed this trend this afternoon? It seems they just
started a couple of hours ago. It doesn't seem like a security risk,
just
standard forging of email headers. The main company I work for makes use
of
SPF, however not every mail server on the internet makes use of it. I'm
only
submitting this because it seems like a wide-spread issue this
afternoon.

All the best,
Mike Bailey
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070318/
bad87890/attachment-0001.html 

------------------------------

Message: 4
Date: Sun, 18 Mar 2007 22:41:25 +0100
From: Raphael Marichez <falco@...too.org>
Subject: [Full-disclosure] [ GLSA 200703-17 ] ulogd: Remote execution
	of	arbitrary code
To: gentoo-announce@...too.org
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	security-alerts@...uxsecurity.com
Message-ID: <20070318214125.GE12255@...co.falcal.net>
Content-Type: text/plain; charset="us-ascii"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200703-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: ulogd: Remote execution of arbitrary code
      Date: March 18, 2007
      Bugs: #161882
        ID: 200703-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

ulogd contains a possible buffer overflow potentially allowing for the
remote execution of arbitrary code.

Background
==========

ulogd is a userspace daemon for netfilter related logging.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  app-admin/ulogd      < 1.23-r1                         >= 1.23-r1

Description
===========

SUSE reported unspecified buffer overflows in ulogd involving the
calculation of string lengths.

Impact
======

A remote attacker could trigger a possible buffer overflow through
unspecified vectors, potentially leading to the remote execution of
arbitrary code with the rights of the user running the ulogd daemon, or
more probably leading to the crash of the daemon.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ulogd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/ulogd-1.23-r1"

References
==========

  [ 1 ] CVE-2007-0460
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0460

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200703-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@...too.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url :
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070318/
adca95af/attachment-0001.bin 

------------------------------

Message: 5
Date: Sun, 18 Mar 2007 22:44:48 +0100
From: Raphael Marichez <falco@...too.org>
Subject: [Full-disclosure] [ GLSA 200703-18 ] Mozilla Thunderbird:
	Multiple	vulnerabilities
To: gentoo-announce@...too.org
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	security-alerts@...uxsecurity.com
Message-ID: <20070318214448.GG12255@...co.falcal.net>
Content-Type: text/plain; charset="us-ascii"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200703-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mozilla Thunderbird: Multiple vulnerabilities
      Date: March 18, 2007
      Bugs: #165555
        ID: 200703-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Mozilla Thunderbird,
some of which may allow user-assisted arbitrary remote code execution.

Background
==========

Mozilla Thunderbird is a popular open-source email client from the
Mozilla Project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  mozilla-thunderbird         < 1.5.0.10                >= 1.5.0.10
  2  mozilla-thunderbird-bin     < 1.5.0.10                >= 1.5.0.10
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Georgi Guninski reported a possible integer overflow in the code
handling text/enhanced or text/richtext MIME emails. Additionally,
various researchers reported errors in the JavaScript engine
potentially leading to memory corruption. Additionally, the binary
version of Mozilla Thunderbird includes a vulnerable NSS library which
contains two possible buffer overflows involving the SSLv2 protocol.

Impact
======

An attacker could entice a user to read a specially crafted email that
could trigger one of the vulnerabilities, some of them being related to
Mozilla Thunderbird's handling of JavaScript, possibly leading to the
execution of arbitrary code.

Workaround
==========

There is no known workaround at this time for all of these issues, but
some of them can be avoided by disabling JavaScript. Note that the
execution of JavaScript is disabled by default and enabling it is
strongly discouraged.

Resolution
==========

All Mozilla Thunderbird users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose
">=mail-client/mozilla-thunderbird-1.5.0.10"

All Mozilla Thunderbird binary users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose
">=mail-client/mozilla-thunderbird-bin-1.5.0.10"

References
==========

  [ 1 ] CVE-2007-0008
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008
  [ 2 ] CVE-2007-0009
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009
  [ 3 ] CVE-2007-0775
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
  [ 4 ] CVE-2007-0776
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776
  [ 5 ] CVE-2007-0777
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777
  [ 6 ] CVE-2007-1282
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1282

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200703-18.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@...too.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url :
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070318/
51afe7c1/attachment-0001.bin 

------------------------------

Message: 6
Date: Sun, 18 Mar 2007 22:49:41 +0100
From: Raphael Marichez <falco@...too.org>
Subject: [Full-disclosure] [ GLSA 200703-19 ] LTSP: Authentication
	bypass in	included LibVNCServer code
To: gentoo-announce@...too.org
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	security-alerts@...uxsecurity.com
Message-ID: <20070318214941.GI12255@...co.falcal.net>
Content-Type: text/plain; charset="us-ascii"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200703-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: LTSP: Authentication bypass in included LibVNCServer code
      Date: March 18, 2007
      Bugs: #142661
        ID: 200703-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

LTSP includes a version of libVNCServer that is vulnerable to an
authentication bypass.

Background
==========

The Linux Terminal Server Project adds thin-client support to Linux
servers.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  net-misc/ltsp      < 4.2-r1                             >= 4.2-r1

Description
===========

The LTSP server includes vulnerable LibVNCServer code, which fails to
properly validate protocol types effectively letting users decide what
protocol to use, such as "Type 1 - None" (GLSA-200608-05). The LTSP VNC
server will accept this security type, even if it is not offered by the
server.

Impact
======

An attacker could exploit this vulnerability to gain unauthorized
access with the privileges of the user running the VNC server.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All LTSP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/ltsp-4.2-r1"

References
==========

  [ 1 ] CVE-2006-2450
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2450
  [ 2 ] GLSA 200608-05
        http://www.gentoo.org/security/en/glsa/glsa-200608-05.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200703-19.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@...too.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url :
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070318/
e1bf41b3/attachment-0001.bin 

------------------------------

Message: 7
Date: Sun, 18 Mar 2007 22:52:37 +0100
From: Raphael Marichez <falco@...too.org>
Subject: [Full-disclosure] [ GLSA 200703-20 ] LSAT: Insecure temporary
	file	creation
To: gentoo-announce@...too.org
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	security-alerts@...uxsecurity.com
Message-ID: <20070318215237.GK12255@...co.falcal.net>
Content-Type: text/plain; charset="us-ascii"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200703-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: LSAT: Insecure temporary file creation
      Date: March 18, 2007
      Bugs: #159542
        ID: 200703-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

LSAT insecurely creates temporary files which can lead to symlink
attacks allowing a local user to overwrite arbitrary files.

Background
==========

The Linux Security Auditing Tool (LSAT) is a post install security
auditor which checks many system configurations and local network
settings on the system for common security or configuration errors and
for packages that are not needed.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  app-admin/lsat      <= 0.9.2                          Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.

Description
===========

LSAT insecurely writes in /tmp with a predictable filename.

Impact
======

A local attacker could create symbolic links in the temporary files
directory, pointing to a valid file somewhere on the filesystem. When
the LSAT script is executed, this would result in the file being
overwritten with the rights of the user running the software, which
could be the root user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

Since LSAT is not actively maintained anymore, this package has been
masked. All LSAT users are advised to unmerge it.

    
    # emerge --ask --unmerge "app-admin/lsat"

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200703-20.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@...too.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url :
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070318/
839bedab/attachment-0001.bin 

------------------------------

Message: 8
Date: Sun, 18 Mar 2007 21:10:01 -0700
From: <chris@...tsrightrecords.com>
Subject: Re: [Full-disclosure] [WEB SECURITY] GMail Contact
	Information	Disclosure PoC
To: "'beNi'" <backebackekuchen@...il.com>,
	<websecurity@...appsec.org>,	"'RSnake'" <h@...rs.org>,
	<full-disclosure@...ts.grok.org.uk>
Message-ID:
	<00f001c769dc$793422d0$030ba8c0@...mond.corp.microsoft.com>
Content-Type: text/plain;	charset="us-ascii"

Nice find.  There's a common problem when an organization gets so large
that
the right hand doesn't talk to the left.  I'm not sure what the
AuthToken
would be useful for, I don't see it anywhere in my authenticated request
(e.g. not in the cookie or any other data).  The XSS is more nasty than
the
XML data though, because from what I can tell a login to gmail sets a
cookie
for .google.com, allowing you to use your same XSS to get the contact
list
from a one-click (or XSRF) attack to the gmail call which returns the
same
contact list.  Both are nasty because they're serving up that data over
non-SSL channels.  



-----Original Message-----
From: beNi [mailto:backebackekuchen@...il.com] 
Sent: Wednesday, March 14, 2007 11:57 AM
To: websecurity@...appsec.org; RSnake; full-disclosure@...ts.grok.org.uk
Subject: [WEB SECURITY] GMail Contact Information Disclosure PoC

This is my GMail Contact information Disclosure Proof Of Concept
Exploit,
allowing you to read the Email addresses of all contacts of the
currently
logged in Google user.
http://mybeni.rootzilla.de/mybeNi/2007/gmail_information_disclosure/

(It also Allows you to check if someone is currently logged into Google
Services + Serves you the Authentication Token)

have fun and cheers, benjamin

--
benjamin "beNi" flesch
mybeNi.tk websecurity - http://mybeNi.rootzilla.de/mybeNi/

(coolest guy in da hood)


------------------------------------------------------------------------
----
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

End of Full-Disclosure Digest, Vol 25, Issue 27
***********************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ