Full Disclosure mailing list archives
Re: POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...
From: "-= Glowing Doom =-" <secn3t () gmail com>
Date: Sun, 12 Jun 2011 10:04:49 +1000
Sorry for the edit here... just adding some contact info.. Oops.. sorry, forgot to add contact info, because I'd like some 'closure' on a couple of problems here.. hehe :) (BTW Jon Oberheldie, Spender, you guys are almost my idols :P)

xd @ #haxnet#EFNet or #BackBOX

On 12 June 2011 10:02, -= Glowing Doom =- <secn3t () gmail com> wrote:
Systems which appear vulnerable: EVERY single one I have tried...

How: I wrote that sentence, then I backspaced it and blacked it over with copy, then enter URL to wherever I want... There are 3 ways I have found to do this. When I dissected one of them, the URL/sentence was full of x41\x41\x41, very strange... because it is still able to be done 3 ways, and the simplest way does NOT require even html 'link' to section, which is what MUST be done, although on older emailer systems, I see that it is as simple as backspace over the sentence, then type the URL. It 'appears' at first to be a normal deleted sentence, but when I open and dissect, it shows URL/41/41/41 then all over the email page, same thing...

I know this might be confusing. I traced the problem to a dll or lib which is for text editing, and that dll is a VERY common one on any system. So far not one mailing system has NOT had this vuln... yet. I have seen another 'version' of this attack type, but they can ONLY spoof a URL... This one, you can make the whole email a URL... I will do this right now..

PoC 1. Ok, this is a PoC, this actual whole sentence...<http://www.lemonparty.biz>

PoC 2: I wrote that sentence, then I backspaced it and blacked it over with copy, then enter URL to wherever I want... There are 3 ways I have found to do this. When I dissected one of them, the URL/sentence was full of x41\x41\x41, very strange... because it is still able to be done 3 ways, and the simplest way does NOT require even html 'link' to section, which is what MUST be done, although on older emailer systems, I see that it is as simple as backspace over the sentence, then type the URL. It 'appears' at first to be a normal deleted sentence, but when I open and dissect, it shows URL/41/41/41 then all over the email page, same thing... I know this might be confusing. I traced the problem to a dll or lib which is for text editing<http://www.goggle.com>
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
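For readers who filter HTML mail: the two PoCs above are ordinary anchors whose visible text is a whole sentence pointing at an unrelated URL. The following added example (not part of the original post) audits an HTML body for such anchors and for link text that names a different host than the href; the function names, the 8-word threshold and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that is itself a bare host or URL, e.g. "www.example.com/path".
URLISH = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]\S*)?", re.I)

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) per <a> and counts all visible characters."""
    def __init__(self):
        super().__init__()
        self.links, self.visible, self._cur = [], 0, None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = [dict(attrs).get("href") or "", ""]

    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(tuple(self._cur))
            self._cur = None

    def handle_data(self, data):
        self.visible += len(" ".join(data.split()))
        if self._cur is not None:
            self._cur[1] += data

def audit_links(html, max_words=8):
    """Return findings for anchors whose text is prose-length or names another host."""
    p = AnchorCollector()
    p.feed(html)
    p.close()
    findings = []
    for href, raw in p.links:
        text = " ".join(raw.split())
        host = (urlsplit(href).hostname or "").lower()
        reasons = []
        if len(text.split()) > max_words:
            reasons.append("prose-length link text")
        m = URLISH.fullmatch(text)
        if m and m.group(1).lower() != host:
            reasons.append("text names a different host")
        if reasons:
            share = round(len(text) / max(p.visible, 1), 2)  # part of the body that is this link
            findings.append({"host": host, "share": share, "reasons": reasons})
    return findings

# Constructed sample body (reserved example domains), not taken from the thread.
SAMPLE = ('<p>Hello,</p><p><a href="http://redirect.example.net/x">I wrote that sentence, then I '
          'backspaced it and typed the URL to wherever I want</a></p>'
          '<p>Portal: <a href="http://login.example.org/">www.example.com</a></p>'
          '<p><a href="http://www.example.com/help">help page</a></p>')
```

A high `share` value means most of the visible message is one clickable link, which is the "whole email a URL" case the post describes.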