Message-ID: <BANLkTinZoXShR94FM+811s8KUn-ewRrSLQ@mail.gmail.com>
Date: Sat, 11 Jun 2011 19:13:21 -0500
From: adam <adam@...sy.net>
To: secn3t@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: POC for a simple gmail/possible code
injection into html which can be executed in an email,
I will make the PoC code and explain how here and now...
When the English version becomes available, please let me know.
On Sat, Jun 11, 2011 at 7:02 PM, -= Glowing Doom =- <secn3t@...il.com> wrote:
> Systems which appear vulnerable: EVERY single one I have tried...
>
> How:
>
> I wrote that sentence, then I backspaced it and blacked it over with copy,
> then enter the URL to wherever I want...
> There are 3 ways I have found to do this. When I dissected one of them, the
> URL/sentence was full of x41\x41\x41, very strange... because it is still
> able to be done 3 ways, and the simplest way does NOT even require an HTML
> 'link' to section, which is what MUST be done, although on older emailer systems
> I see that it is as simple as backspace over the sentence, then type the URL; it
> 'appears' at first to be a normal deleted sentence, but when I open and
> dissect, it shows URL/41/41/41 then all over the email page, same thing...
> I know this might be confusing. I traced the problem to a dll or lib which
> is for text editing, and that dll is a VERY common one on any system; so far
> not one mailing system has NOT had this vuln... yet. I have seen another
> 'version' of this attack type, but they can ONLY spoof a URL... This one,
> you can make the whole email a URL... I will do this right now..
>
>
> PoC1.
> Ok, this is a PoC, this actual whole sentence...<http://www.lemonparty.biz>
>
>
> PoC 2:
>
> I wrote that sentence, then I backspaced it and blacked it over with copy,
> then enter the URL to wherever I want... There are 3 ways I have found to do
> this. When I dissected one of them, the URL/sentence was full of
> x41\x41\x41, very strange... because it is still able to be done 3 ways,
> and the simplest way does NOT even require an HTML 'link' to section, which is
> what MUST be done, although on older emailer systems I see that it is as simple as
> backspace over the sentence, then type the URL; it 'appears' at first to
> be a normal deleted sentence, but when I open and dissect, it shows
> URL/41/41/41 then all over the email page, same thing... I know this might
> be confusing. I traced the problem to a dll or lib which is for text editing<http://www.goggle.com>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
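The PoC quoted above hyperlinks an ordinary sentence to an unrelated URL. The following is an added detection-side example, not code from the original post or from any mail client: it parses an HTML body and flags anchors whose visible label misrepresents the destination, either a whole sentence rendered as one link or a URL-shaped label pointing at a different host. MAX_LABEL_WORDS and the sample HTML are constructed assumptions.

```python
# Added example, not from the original post: flag HTML e-mail anchors whose
# visible label misrepresents the destination, as in the PoC above (a whole
# sentence rendered as one link) or a URL-shaped label naming another host.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HOSTLIKE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)
MAX_LABEL_WORDS = 8  # assumption: longer labels count as "sentence-as-link"


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start a new anchor; text until </a> is its label
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html):
    """Return (href, label, reason) for anchors a reader would misread."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, label in parser.links:
        target = (urlparse(href).hostname or "").lower()
        shown = HOSTLIKE.search(label)  # does the label itself look like a host?
        if shown and shown.group(1).lower() != target:
            findings.append((href, label, "label names a different host"))
        elif not shown and len(label.split()) > MAX_LABEL_WORDS:
            findings.append((href, label, "whole sentence is a single link"))
    return findings


SAMPLE = (  # constructed: sentence-as-link, URL-shaped label, honest link
    '<a href="http://example.test/x">Ok, this is a PoC, this actual whole '
    'sentence is what the reader sees...</a>'
    '<a href="http://example.test/y">www.goggle.com</a>'
    '<a href="https://example.org/">example.org</a>'
)
```

Running `suspicious_links(SAMPLE)` reports the first two anchors and leaves the honest `example.org` link alone.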