Date: Sun, 12 Jun 2011 13:07:29 +1000
From: "-= Glowing Doom =-" <secn3t@...il.com>
To: Haxxor Security <h@...r.se>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: POC for a simple gmail/possible code
 injection into html wich can be executed in an email,
 i will make the PoC code and explain how here and now...

I should have said just 'copy, then hit link'... because the other one is
actually VERY hard to explain.. but yes... backspace... has a bug with
emails. Is this so hard for 500000 ppl to understand?
I am really shocked at the rubbish talk I have copped from this.


On 12 June 2011 13:06, -= Glowing Doom =- <secn3t@...il.com> wrote:

> Do the research... then call yourself a 'team'...please :s
>
> The PoC, is easy as hell to reproduce. I am shocked a team, cannot do it..
>
> even the easy one which is just copy/backspace, and, hit link and enter a
> link!
> simple?
>
>
>
> On 12 June 2011 12:52, Haxxor Security <h@...r.se> wrote:
>
>> As I (painfully tried to) understand it, secn3t can fool his own email
>> client to create malformed links by pressing backspace...
>>
>>
>> 2011/6/12 adam <adam@...sy.net>
>>
>>> At the end of the day, you're going to be treated like a child as long as
>>> you continue to type like one.
>>>
>>> The entertaining part for me is how each of your replies contradicts a
>>> previous one. According to you, this *vulnerability* *has existed for
>>> years*. And also according to you, the reason why the original email was
>>> filled with spelling errors is because it *was rushed out due to you
>>> being "awake" at 6AM.* Do you see the inconsistency between those two
>>> statements? Your response to Christian also indicated that you *didn't
>>> just discover this*.
>>>
>>> IF this is an old vulnerability and IF you've known about it for an
>>> extended period of time - WHY did you have to post it right when you did?
>>> It's old, you've known about it for a while, it's existed for years, yet it
>>> couldn't wait until later in the day? It couldn't wait until you had time to
>>> skim over the email and correct any spelling/grammar mistakes? It absolutely
>>> had to be posted right then and there?
>>>
>>> On Sat, Jun 11, 2011 at 9:14 PM, -= Glowing Doom =- <secn3t@...il.com> wrote:
>>>
>>>> That's why the people who do understand it can see that it is there...
>>>> yes, VERY hard to explain, I'd LOVE to see you try.
>>>>
>>>>
>>>>
>>>> On 12 June 2011 12:11, adam <adam@...sy.net> wrote:
>>>>
>>>>> Furthermore, pretending that we [the readers] are somehow at fault here
>>>>> (for not understanding) isn't going to get you very far. The only thing
>>>>> consistent in this entire thread is that people *kind of* want to know
>>>>> what you're talking about, but aren't able to due to the poor writing style
>>>>> and spelling/grammar errors.
>>>>>
>>>>> It should be noted that no one is being anal about typos, I fully
>>>>> understand that people make mistakes. The difference is that it appears you
>>>>> didn't even so much as proof read the original email.
>>>>>
>>>>>
>>>>> On Sat, Jun 11, 2011 at 9:04 PM, phocean <0x90@...cean.net> wrote:
>>>>>
>>>>>> Hi n3td3v... oops!... secn3t (that is close),
>>>>>>
>>>>>> Sorry, but I don't understand anything in this thread.
>>>>>> Each of your emails is such a pain to read that I stop at the first
>>>>>> sentence.
>>>>>> We are all busy and don't want to take 20 min to decipher your writing
>>>>>> with the risk that it does not deserve it.
>>>>>> Please clarify and give consistent technical facts.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> On 12/06/2011 03:33, -= Glowing Doom =- wrote:
>>>>>> > This is NOT coded.. the PoC I am explaining is possible with simply
>>>>>> > copying text, then using a sequence of keys, to make the actual
>>>>>> > sentence/s appear.
>>>>>> > This code is not what shows up when it is dissected.
>>>>>> > It shows up with many x41 all over the email when it is done
>>>>>> > properly.
>>>>>> > Regards.
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > On 12 June 2011 11:29, Christian Sciberras <uuf6429@...il.com
>>>>>> > <mailto:uuf6429@...il.com>> wrote:
>>>>>> >
>>>>>> >     For those lazy enough to search:
>>>>>> >
>>>>>> >
>>>>>> https://www.owasp.org/index.php/The_CSRSS_Backspace_Bug_still_works_in_windows_2003_sp1
>>>>>> >
>>>>>> >
>>>>>> >     Excerpt:
>>>>>> >
>>>>>> >     Basically just compile this and you will get 100% processor usage
>>>>>> >     by the compiled exploit and Csrss.exe
>>>>>> >
>>>>>> >     #include <stdio.h>
>>>>>> >     int main(void)
>>>>>> >     {
>>>>>> >     while(1)
>>>>>> >     printf("\t\t\b\b\b\b\b\b");
>>>>>> >     return 0;
>>>>>> >     }
>>>>>> >
>>>>>> >
>>>>>> >     How this helps in sending spam is beyond me.
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >     On Sun, Jun 12, 2011 at 3:18 AM, Jeffrey Walton <
>>>>>> noloader@...il.com
>>>>>> >     <mailto:noloader@...il.com>> wrote:
>>>>>> >
>>>>>> >         On Sat, Jun 11, 2011 at 9:06 PM, -= Glowing Doom =-
>>>>>> >         <secn3t@...il.com <mailto:secn3t@...il.com>> wrote:
>>>>>> >
>>>>>> >         > It is now over 1yr old at least and exists in riched20.dll.
>>>>>> >         > This PoC info is over for me also.
>>>>>> >         Microsoft had problems with a backspace in the past. Search for
>>>>>> >         "CSRSS Backspace Bug".
>>>>>> >
>>>>>> >         > [SNIP
>>>>>> >
>>>>>> >         Jeff
>>>>>> >
>>>>>> >         _______________________________________________
>>>>>> >         Full-Disclosure - We believe in it.
>>>>>> >         Charter:
>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> >         Hosted and sponsored by Secunia - http://secunia.com/
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>>
>>>>>>
>>>>>> --
>>>>>> phocean
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>>
>
>

