lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 11 Jun 2011 22:16:45 -0500
From: adam <adam@...sy.net>
To: secn3t@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: POC for a simple gmail/possible code
 injection into html wich can be executed in an email,
 i will make the PoC code and explain how here and now...

You do realize you're still going to be CC'd, don't you?<http://www.google.com/>

And OH MY GOD, my text somehow became a clickable link. Did you guys see
that? Did you see my ground breaking exploit? I demand your respect right
this second!@

On Sat, Jun 11, 2011 at 10:13 PM, -= Glowing Doom =- <secn3t@...il.com>wrote:

> done.. bye!
>
>
>
> On 12 June 2011 13:12, -= Glowing Doom =- <secn3t@...il.com> wrote:
>
>> Yet i now stop... enjoy your pathetic,useless luist.. i will now
>> unsubscribe :)
>> thanks.
>>
>>
>>
>> On 12 June 2011 13:09, -= Glowing Doom =- <secn3t@...il.com> wrote:
>>
>>> Here again....
>>>
>>> I will write a sentence now, and, i will just copy, so it is 'darkened'
>>> text , then with NO backspace just leave the text darkened, and goto 'link'
>>> , and enter a link.. the text will turn to red.
>>>
>>>
>>> (this is the easiest way to reproduce it...) <http://www.haxxor-NOT.bs>
>>>
>>>
>>>
>>>
>>>
>>> On 12 June 2011 13:07, -= Glowing Doom =- <secn3t@...il.com> wrote:
>>>
>>>> I should have said just 'copy, then hit link... because the other one,
>>>> is actually VERY hard to explain..but yes... backspace... has a bug with
>>>> emails. Is this so hard for 500000 ppl to understand ?
>>>> I am really shocked at the brubbish talk i have copped from this.
>>>>
>>>>
>>>>
>>>> On 12 June 2011 13:06, -= Glowing Doom =- <secn3t@...il.com> wrote:
>>>>
>>>>> Do the research... then call yourself a 'team'...please :s
>>>>>
>>>>> The PoC, is easy as hell to reproduce. I am shocked a team, cannot do
>>>>> it..
>>>>>
>>>>> even the easy one wich is just copy/backspace, and, hit link and enter
>>>>> a link!
>>>>> simple ?
>>>>>
>>>>>
>>>>>
>>>>> On 12 June 2011 12:52, Haxxor Security <h@...r.se> wrote:
>>>>>
>>>>>> As I (painfully tried to) understand it, secn3t can fool his own email
>>>>>> client to create malformed links by pressing backspace...
>>>>>>
>>>>>>
>>>>>> 2011/6/12 adam <adam@...sy.net>
>>>>>>
>>>>>>> At the end of the day, you're going to be treated like a child as
>>>>>>> long as you continue to type like one.
>>>>>>>
>>>>>>> The entertaining part for me is how each of your replies contradicts
>>>>>>> a previous one. According to you, this *vulnerability* *has existed
>>>>>>> for years*. And also according to you, the reason why the original
>>>>>>> email was filled with spelling errors is because it *was rushed out
>>>>>>> due to you being "awake" at 6AM.* Do you see the inconsistency
>>>>>>> between those two statements? Your response to Christian also indicated that
>>>>>>> you* **didn't just discover this*.
>>>>>>>
>>>>>>> IF this is an old vulnerability and IF you've known about it for an
>>>>>>> extended period of time - WHY did you have to post it right when you did?
>>>>>>> It's old, you've known about it for a while, it's existed for years, yet it
>>>>>>> couldn't wait until later in the day? It couldn't wait until you had time to
>>>>>>> skim over the email and correct any spelling/grammar mistakes? It absolutely
>>>>>>> had to be posted right then and there?
>>>>>>>
>>>>>>> On Sat, Jun 11, 2011 at 9:14 PM, -= Glowing Doom =- <
>>>>>>> secn3t@...il.com> wrote:
>>>>>>>
>>>>>>>> Thats why i the people who do understand it, can see that it is
>>>>>>>> there... yes, VERY hard to expalin, id LOVE to see you try.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 12 June 2011 12:11, adam <adam@...sy.net> wrote:
>>>>>>>>
>>>>>>>>> Furthermore, pretending that we [the readers] are somehow at fault
>>>>>>>>> here (for not understanding) isn't going to get you very far. The only thing
>>>>>>>>> consistent in this entire thread is that people *kind of* want to
>>>>>>>>> know what you're talking about, but aren't able to due to the poor writing
>>>>>>>>> style and spelling/grammar errors.
>>>>>>>>>
>>>>>>>>> It should be noted that no one is being anal about typos, I fully
>>>>>>>>> understand that people make mistakes. The difference is that it appears you
>>>>>>>>> didn't even so much as proof read the original email.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Sat, Jun 11, 2011 at 9:04 PM, phocean <0x90@...cean.net> wrote:
>>>>>>>>>
>>>>>>>>>> Hi n3td3v... oops!... secn3t (that is close),
>>>>>>>>>>
>>>>>>>>>> Sorry but I don't understand anything to this thread.
>>>>>>>>>> Each of your emails is such a pain to read, that I stop at the
>>>>>>>>>> first
>>>>>>>>>> sentence.
>>>>>>>>>> We are all busy and don't want to take 20 min to decipher your
>>>>>>>>>> writing
>>>>>>>>>> with the risk that it is not deserving it.
>>>>>>>>>> Please clarify and give consistent technical facts.
>>>>>>>>>>
>>>>>>>>>> Thanks.
>>>>>>>>>>
>>>>>>>>>> Le 12/06/2011 03:33, -= Glowing Doom =- a écrit :
>>>>>>>>>> > This is NOT coded..  the PoC i am explaining, is possible with
>>>>>>>>>> simply
>>>>>>>>>> > copyying text,then using a sequence of keys, to make the actual
>>>>>>>>>> > sentence/s, appear.
>>>>>>>>>> > This code is not what shows up when it is dissected.
>>>>>>>>>> > It shows up with many x41 all over the email when it is done
>>>>>>>>>> properly .
>>>>>>>>>> > Regards.
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> > On 12 June 2011 11:29, Christian Sciberras <uuf6429@...il.com
>>>>>>>>>> > <mailto:uuf6429@...il.com>> wrote:
>>>>>>>>>> >
>>>>>>>>>> >     For those lazy enough to search:
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> https://www.owasp.org/index.php/The_CSRSS_Backspace_Bug_still_works_in_windows_2003_sp1
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >     Excerpt:
>>>>>>>>>> >
>>>>>>>>>> >     Basicaly just compile this and you will get a 100% processor
>>>>>>>>>> usage
>>>>>>>>>> >     by the compiled exploit and Csrss.exe
>>>>>>>>>> >
>>>>>>>>>> >     #include <stdio.h>
>>>>>>>>>> >     int main(void)
>>>>>>>>>> >     {
>>>>>>>>>> >     while(1)
>>>>>>>>>> >     printf("\t\t\b\b\b\b\b\b");
>>>>>>>>>> >     return 0;
>>>>>>>>>> >     }
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >     How this helps in sending spam is beyond me.
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >     On Sun, Jun 12, 2011 at 3:18 AM, Jeffrey Walton <
>>>>>>>>>> noloader@...il.com
>>>>>>>>>> >     <mailto:noloader@...il.com>> wrote:
>>>>>>>>>> >
>>>>>>>>>> >         On Sat, Jun 11, 2011 at 9:06 PM, -= Glowing Doom =-
>>>>>>>>>> >         <secn3t@...il.com <mailto:secn3t@...il.com>> wrote:
>>>>>>>>>> >
>>>>>>>>>> >         > It is now, over 1yr old atleast and exists in
>>>>>>>>>> riched20.dll.
>>>>>>>>>> >         > This PoC info is over for me also.
>>>>>>>>>> >         Microsoft had problems with a backspace in the past.
>>>>>>>>>> Search for
>>>>>>>>>> >         "CSRSS
>>>>>>>>>> >         Backspace Bug".
>>>>>>>>>> >
>>>>>>>>>> >         > [SNIP
>>>>>>>>>> >
>>>>>>>>>> >         Jeff
>>>>>>>>>> >
>>>>>>>>>> >         _______________________________________________
>>>>>>>>>> >         Full-Disclosure - We believe in it.
>>>>>>>>>> >         Charter:
>>>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>>> >         Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> > _______________________________________________
>>>>>>>>>> > Full-Disclosure - We believe in it.
>>>>>>>>>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>>> > Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> phocean
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Full-Disclosure - We believe in it.
>>>>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Full-Disclosure - We believe in it.
>>>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Full-Disclosure - We believe in it.
>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Full-Disclosure - We believe in it.
>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ