| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 12 Jun 2011 13:09:51 +1000
From: "-= Glowing Doom =-" <secn3t@...il.com>
To: Haxxor Security <h@...r.se>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: POC for a simple gmail/possible code
injection into html wich can be executed in an email,
i will make the PoC code and explain how here and now...
Here again....
I will write a sentence now, and, i will just copy, so it is 'darkened' text
, then with NO backspace just leave the text darkened, and goto 'link' , and
enter a link.. the text will turn to red.
(this is the easiest way to reproduce it...) <http://www.haxxor-NOT.bs>
On 12 June 2011 13:07, -= Glowing Doom =- <secn3t@...il.com> wrote:
> I should have said just 'copy, then hit link... because the other one, is
> actually VERY hard to explain..but yes... backspace... has a bug with
> emails. Is this so hard for 500000 ppl to understand ?
> I am really shocked at the brubbish talk i have copped from this.
>
>
>
> On 12 June 2011 13:06, -= Glowing Doom =- <secn3t@...il.com> wrote:
>
>> Do the research... then call yourself a 'team'...please :s
>>
>> The PoC, is easy as hell to reproduce. I am shocked a team, cannot do it..
>>
>> even the easy one wich is just copy/backspace, and, hit link and enter a
>> link!
>> simple ?
>>
>>
>>
>> On 12 June 2011 12:52, Haxxor Security <h@...r.se> wrote:
>>
>>> As I (painfully tried to) understand it, secn3t can fool his own email
>>> client to create malformed links by pressing backspace...
>>>
>>>
>>> 2011/6/12 adam <adam@...sy.net>
>>>
>>>> At the end of the day, you're going to be treated like a child as long
>>>> as you continue to type like one.
>>>>
>>>> The entertaining part for me is how each of your replies contradicts a
>>>> previous one. According to you, this *vulnerability* *has existed for
>>>> years*. And also according to you, the reason why the original email
>>>> was filled with spelling errors is because it *was rushed out due to
>>>> you being "awake" at 6AM.* Do you see the inconsistency between those
>>>> two statements? Your response to Christian also indicated that you* **
>>>> didn't just discover this*.
>>>>
>>>> IF this is an old vulnerability and IF you've known about it for an
>>>> extended period of time - WHY did you have to post it right when you did?
>>>> It's old, you've known about it for a while, it's existed for years, yet it
>>>> couldn't wait until later in the day? It couldn't wait until you had time to
>>>> skim over the email and correct any spelling/grammar mistakes? It absolutely
>>>> had to be posted right then and there?
>>>>
>>>> On Sat, Jun 11, 2011 at 9:14 PM, -= Glowing Doom =- <secn3t@...il.com>wrote:
>>>>
>>>>> Thats why i the people who do understand it, can see that it is
>>>>> there... yes, VERY hard to expalin, id LOVE to see you try.
>>>>>
>>>>>
>>>>>
>>>>> On 12 June 2011 12:11, adam <adam@...sy.net> wrote:
>>>>>
>>>>>> Furthermore, pretending that we [the readers] are somehow at fault
>>>>>> here (for not understanding) isn't going to get you very far. The only thing
>>>>>> consistent in this entire thread is that people *kind of* want to
>>>>>> know what you're talking about, but aren't able to due to the poor writing
>>>>>> style and spelling/grammar errors.
>>>>>>
>>>>>> It should be noted that no one is being anal about typos, I fully
>>>>>> understand that people make mistakes. The difference is that it appears you
>>>>>> didn't even so much as proof read the original email.
>>>>>>
>>>>>>
>>>>>> On Sat, Jun 11, 2011 at 9:04 PM, phocean <0x90@...cean.net> wrote:
>>>>>>
>>>>>>> Hi n3td3v... oops!... secn3t (that is close),
>>>>>>>
>>>>>>> Sorry but I don't understand anything to this thread.
>>>>>>> Each of your emails is such a pain to read, that I stop at the first
>>>>>>> sentence.
>>>>>>> We are all busy and don't want to take 20 min to decipher your
>>>>>>> writing
>>>>>>> with the risk that it is not deserving it.
>>>>>>> Please clarify and give consistent technical facts.
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>> Le 12/06/2011 03:33, -= Glowing Doom =- a écrit :
>>>>>>> > This is NOT coded.. the PoC i am explaining, is possible with
>>>>>>> simply
>>>>>>> > copyying text,then using a sequence of keys, to make the actual
>>>>>>> > sentence/s, appear.
>>>>>>> > This code is not what shows up when it is dissected.
>>>>>>> > It shows up with many x41 all over the email when it is done
>>>>>>> properly .
>>>>>>> > Regards.
>>>>>>> >
>>>>>>> >
>>>>>>> >
>>>>>>> > On 12 June 2011 11:29, Christian Sciberras <uuf6429@...il.com
>>>>>>> > <mailto:uuf6429@...il.com>> wrote:
>>>>>>> >
>>>>>>> > For those lazy enough to search:
>>>>>>> >
>>>>>>> >
>>>>>>> https://www.owasp.org/index.php/The_CSRSS_Backspace_Bug_still_works_in_windows_2003_sp1
>>>>>>> >
>>>>>>> >
>>>>>>> > Excerpt:
>>>>>>> >
>>>>>>> > Basicaly just compile this and you will get a 100% processor
>>>>>>> usage
>>>>>>> > by the compiled exploit and Csrss.exe
>>>>>>> >
>>>>>>> > #include <stdio.h>
>>>>>>> > int main(void)
>>>>>>> > {
>>>>>>> > while(1)
>>>>>>> > printf("\t\t\b\b\b\b\b\b");
>>>>>>> > return 0;
>>>>>>> > }
>>>>>>> >
>>>>>>> >
>>>>>>> > How this helps in sending spam is beyond me.
>>>>>>> >
>>>>>>> >
>>>>>>> >
>>>>>>> > On Sun, Jun 12, 2011 at 3:18 AM, Jeffrey Walton <
>>>>>>> noloader@...il.com
>>>>>>> > <mailto:noloader@...il.com>> wrote:
>>>>>>> >
>>>>>>> > On Sat, Jun 11, 2011 at 9:06 PM, -= Glowing Doom =-
>>>>>>> > <secn3t@...il.com <mailto:secn3t@...il.com>> wrote:
>>>>>>> >
>>>>>>> > > It is now, over 1yr old atleast and exists in
>>>>>>> riched20.dll.
>>>>>>> > > This PoC info is over for me also.
>>>>>>> > Microsoft had problems with a backspace in the past. Search
>>>>>>> for
>>>>>>> > "CSRSS
>>>>>>> > Backspace Bug".
>>>>>>> >
>>>>>>> > > [SNIP
>>>>>>> >
>>>>>>> > Jeff
>>>>>>> >
>>>>>>> > _______________________________________________
>>>>>>> > Full-Disclosure - We believe in it.
>>>>>>> > Charter:
>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>> > Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>> >
>>>>>>> >
>>>>>>> >
>>>>>>> >
>>>>>>> >
>>>>>>> > _______________________________________________
>>>>>>> > Full-Disclosure - We believe in it.
>>>>>>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>> > Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> phocean
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Full-Disclosure - We believe in it.
>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Full-Disclosure - We believe in it.
>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists