BTW, that was my first, and last post ill ever be making to this list. so enjoy it.
On 12 June 2011 12:34, -= Glowing Doom =- <sec...@gmail.com> wrote: > Umm... someone ELSE showed the fact that, there is something with > backspace, and MS... Learn to read, ill prmise to learn to speeel :) > > To many IF's, do some research, instead of flaming. > > > > > On 12 June 2011 12:31, adam <a...@papsy.net> wrote: > >> At the end of the day, you're going to be treated like a child as long as >> you continue to type like one. >> >> The entertaining part for me is how each of your replies contradicts a >> previous one. According to you, this *vulnerability* *has existed for >> years*. And also according to you, the reason why the original email was >> filled with spelling errors is because it *was rushed out due to you >> being "awake" at 6AM.* Do you see the inconsistency between those two >> statements? Your response to Christian also indicated that you* **didn'tjust >> discover this >> *. >> >> IF this is an old vulnerability and IF you've known about it for an >> extended period of time - WHY did you have to post it right when you did? >> It's old, you've known about it for a while, it's existed for years, yet it >> couldn't wait until later in the day? It couldn't wait until you had time to >> skim over the email and correct any spelling/grammar mistakes? It absolutely >> had to be posted right then and there? >> >> On Sat, Jun 11, 2011 at 9:14 PM, -= Glowing Doom =- <sec...@gmail.com>wrote: >> >>> Thats why i the people who do understand it, can see that it is there... >>> yes, VERY hard to expalin, id LOVE to see you try. >>> >>> >>> >>> On 12 June 2011 12:11, adam <a...@papsy.net> wrote: >>> >>>> Furthermore, pretending that we [the readers] are somehow at fault here >>>> (for not understanding) isn't going to get you very far. The only thing >>>> consistent in this entire thread is that people *kind of* want to know >>>> what you're talking about, but aren't able to due to the poor writing style >>>> and spelling/grammar errors. >>>> >>>> It should be noted that no one is being anal about typos, I fully >>>> understand that people make mistakes. The difference is that it appears you >>>> didn't even so much as proof read the original email. >>>> >>>> >>>> On Sat, Jun 11, 2011 at 9:04 PM, phocean <0...@phocean.net> wrote: >>>> >>>>> Hi n3td3v... oops!... secn3t (that is close), >>>>> >>>>> Sorry but I don't understand anything to this thread. >>>>> Each of your emails is such a pain to read, that I stop at the first >>>>> sentence. >>>>> We are all busy and don't want to take 20 min to decipher your writing >>>>> with the risk that it is not deserving it. >>>>> Please clarify and give consistent technical facts. >>>>> >>>>> Thanks. >>>>> >>>>> Le 12/06/2011 03:33, -= Glowing Doom =- a écrit : >>>>> > This is NOT coded.. the PoC i am explaining, is possible with simply >>>>> > copyying text,then using a sequence of keys, to make the actual >>>>> > sentence/s, appear. >>>>> > This code is not what shows up when it is dissected. >>>>> > It shows up with many x41 all over the email when it is done properly >>>>> . >>>>> > Regards. >>>>> > >>>>> > >>>>> > >>>>> > On 12 June 2011 11:29, Christian Sciberras <uuf6...@gmail.com >>>>> > <mailto:uuf6...@gmail.com>> wrote: >>>>> > >>>>> > For those lazy enough to search: >>>>> > >>>>> > >>>>> https://www.owasp.org/index.php/The_CSRSS_Backspace_Bug_still_works_in_windows_2003_sp1 >>>>> > >>>>> > >>>>> > Excerpt: >>>>> > >>>>> > Basicaly just compile this and you will get a 100% processor >>>>> usage >>>>> > by the compiled exploit and Csrss.exe >>>>> > >>>>> > #include <stdio.h> >>>>> > int main(void) >>>>> > { >>>>> > while(1) >>>>> > printf("\t\t\b\b\b\b\b\b"); >>>>> > return 0; >>>>> > } >>>>> > >>>>> > >>>>> > How this helps in sending spam is beyond me. >>>>> > >>>>> > >>>>> > >>>>> > On Sun, Jun 12, 2011 at 3:18 AM, Jeffrey Walton < >>>>> noloa...@gmail.com >>>>> > <mailto:noloa...@gmail.com>> wrote: >>>>> > >>>>> > On Sat, Jun 11, 2011 at 9:06 PM, -= Glowing Doom =- >>>>> > <sec...@gmail.com <mailto:sec...@gmail.com>> wrote: >>>>> > >>>>> > > It is now, over 1yr old atleast and exists in riched20.dll. >>>>> > > This PoC info is over for me also. >>>>> > Microsoft had problems with a backspace in the past. Search >>>>> for >>>>> > "CSRSS >>>>> > Backspace Bug". >>>>> > >>>>> > > [SNIP >>>>> > >>>>> > Jeff >>>>> > >>>>> > _______________________________________________ >>>>> > Full-Disclosure - We believe in it. >>>>> > Charter: >>>>> http://lists.grok.org.uk/full-disclosure-charter.html >>>>> > Hosted and sponsored by Secunia - http://secunia.com/ >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > _______________________________________________ >>>>> > Full-Disclosure - We believe in it. >>>>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>>> > Hosted and sponsored by Secunia - http://secunia.com/ >>>>> >>>>> >>>>> -- >>>>> phocean >>>>> >>>>> _______________________________________________ >>>>> Full-Disclosure - We believe in it. >>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>>> Hosted and sponsored by Secunia - http://secunia.com/ >>>>> >>>> >>>> >>>> _______________________________________________ >>>> Full-Disclosure - We believe in it. >>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>> Hosted and sponsored by Secunia - http://secunia.com/ >>>> >>> >>> >> >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/