Haha, holy mother of... -=Glowing Dumb=- made my day... To be honest, he made my whole week.

Adam, I can't thank you enough for CCing the list.

2011/6/12 adam <a...@papsy.net>

> I'm not sure how you can keep insisting that it's not a feature when it's clearly been shown to be one. You either need to pay more attention, or get a better dictionary.
>
> What you're describing is possible directly through the anchor/link feature. Even if it weren't, you could just as easily switch over to plain text and insert the anchor tag manually. There is no exploit involved, as the ability to use hyperlinks in an email isn't an *unintentional bug* but a very popular *feature*.
>
> On Sat, Jun 11, 2011 at 10:37 PM, -= Glowing Doom =- <sec...@gmail.com> wrote:
>
>> there is ANOTHER method idiot....
>>
>> but, you won't figure it :)
>>
>> and how ?
>> what if I made a damn email with ALL text as a bad-link...and, say you open it, and, just happen to accidentally hover and, click.. which, many ppl do...
>> it is not some spam email with a link, and NO it is NOT a feature.. idiot again.
>>
>> On 12 June 2011 13:34, adam <a...@papsy.net> wrote:
>>
>>> #1 - No one has replied since I reproduced your "proof of concept."
>>>
>>> #2 - Even if they had, you're replying directly to me - not the list.
>>>
>>> #3 - None of that is necessary. Type in text, highlight it and then click the anchor/link icon. From there, you can insert the target URL (and use the text of your choice). This is possible across most (all?) mail clients, as well as forums. It's an intentional feature that lets you specify anchor text.
>>>
>>> Assuming you're using a mail client that doesn't allow that (which I'd find very hard to believe, that it has an anchor/link icon and doesn't have that feature) but even if that were the case: who is really vulnerable here (and to what? specifying anchor text != code injection).
>>>
>>> On Sat, Jun 11, 2011 at 10:29 PM, -= Glowing Doom =- <sec...@gmail.com> wrote:
>>>
>>>> now, you guys lose....
>>>> see why you should NOT flame people...
>>>> now, try find the REAL problem, which, exists NOT in server...
>>>> anyhow.. have fun flaming ppl...
>>>> you finally work it out, then you're all nice...
>>>> screw you.
>>>> and, screw your domain.
>>>>
>>>> On 12 June 2011 13:28, -= Glowing Doom =- <sec...@gmail.com> wrote:
>>>>
>>>>> This is what i tried to explain...
>>>>>
>>>>> enter text, darken it, and then link , i said this 3 times..yet one person managed to finally do it, after having to spell it.
>>>>> no , i am, not a smartarse. and the other method, i should just have left out.
>>>>> now, no more fd for me,.
>>>>> thanks,.
>>>>>
>>>>> On 12 June 2011 13:25, adam <a...@papsy.net> wrote:
>>>>>
>>>>>> The reason why no one understood your ground-breaking vulnerability (broken English aside) is because it's a *feature*. Whether you're being a smartass right now or not is irrelevant, being that my email generated the exact same thing as yours did (view source on both of them).
>>>>>> The difference is, you're doing some backspace *trick* whereas I'm entering text, highlighting it and then clicking the link icon.
>>>>>>
>>>>>> Congratulations on wasting everyone's time, they were right to have abandoned this thread from the start.
>>>>>>
>>>>>> On Sat, Jun 11, 2011 at 10:20 PM, -= Glowing Doom =- <sec...@gmail.com> wrote:
>>>>>>
>>>>>>> wow, ONE person finally can do it, after only having to basically SPELL it for you.. why did you not do it from the start >????
>>>>>>> Lame team.
>>>>>>>
>>>>>>> Sorry but, have fun.. I won't be cc'd, I will just filter all of the fd :)
>>>>>>> BYE!
>>>>>>>
>>>>>>> On 12 June 2011 13:16, adam <a...@papsy.net> wrote:
>>>>>>>
>>>>>>>> You do realize you're still going to be CC'd, don't you?<http://www.google.com/>
>>>>>>>>
>>>>>>>> And OH MY GOD, my text somehow became a clickable link. Did you guys see that? Did you see my ground breaking exploit? I demand your respect right this second!@
>>>>>>>>
>>>>>>>> On Sat, Jun 11, 2011 at 10:13 PM, -= Glowing Doom =- <sec...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> done.. bye!
>>>>>>>>>
>>>>>>>>> On 12 June 2011 13:12, -= Glowing Doom =- <sec...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Yet i now stop... enjoy your pathetic, useless list.. i will now unsubscribe :)
>>>>>>>>>> thanks.
>>>>>>>>>>
>>>>>>>>>> On 12 June 2011 13:09, -= Glowing Doom =- <sec...@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Here again....
>>>>>>>>>>>
>>>>>>>>>>> I will write a sentence now, and, i will just copy, so it is 'darkened' text , then with NO backspace just leave the text darkened, and goto 'link' , and enter a link.. the text will turn to red.
>>>>>>>>>>>
>>>>>>>>>>> (this is the easiest way to reproduce it...)<http://www.haxxor-NOT.bs>
>>>>>>>>>>>
>>>>>>>>>>> On 12 June 2011 13:07, -= Glowing Doom =- <sec...@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> I should have said just 'copy, then hit link... because the other one, is actually VERY hard to explain..but yes... backspace... has a bug with emails. Is this so hard for 500000 ppl to understand ?
>>>>>>>>>>>> I am really shocked at the rubbish talk i have copped from this.
>>>>>>>>>>>>
>>>>>>>>>>>> On 12 June 2011 13:06, -= Glowing Doom =- <sec...@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Do the research... then call yourself a 'team'...please :s
>>>>>>>>>>>>>
>>>>>>>>>>>>> The PoC, is easy as hell to reproduce. I am shocked a team, cannot do it..
>>>>>>>>>>>>>
>>>>>>>>>>>>> even the easy one which is just copy/backspace, and, hit link and enter a link!
>>>>>>>>>>>>> simple ?
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 12 June 2011 12:52, Haxxor Security <h...@xxor.se> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> As I (painfully tried to) understand it, secn3t can fool his own email client to create malformed links by pressing backspace...
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 2011/6/12 adam <a...@papsy.net>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> At the end of the day, you're going to be treated like a child as long as you continue to type like one.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> The entertaining part for me is how each of your replies contradicts a previous one. According to you, this *vulnerability* *has existed for years*. And also according to you, the reason why the original email was filled with spelling errors is because it *was rushed out due to you being "awake" at 6AM.* Do you see the inconsistency between those two statements? Your response to Christian also indicated that you *didn't just discover this*.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> IF this is an old vulnerability and IF you've known about it for an extended period of time - WHY did you have to post it right when you did? It's old, you've known about it for a while, it's existed for years, yet it couldn't wait until later in the day? It couldn't wait until you had time to skim over the email and correct any spelling/grammar mistakes? It absolutely had to be posted right then and there?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Sat, Jun 11, 2011 at 9:14 PM, -= Glowing Doom =- <sec...@gmail.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> That's why the people who do understand it, can see that it is there...
>>>>>>>>>>>>>>>> yes, VERY hard to explain, i'd LOVE to see you try.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On 12 June 2011 12:11, adam <a...@papsy.net> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Furthermore, pretending that we [the readers] are somehow at fault here (for not understanding) isn't going to get you very far. The only thing consistent in this entire thread is that people *kind of* want to know what you're talking about, but aren't able to due to the poor writing style and spelling/grammar errors.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> It should be noted that no one is being anal about typos, I fully understand that people make mistakes. The difference is that it appears you didn't even so much as proofread the original email.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Sat, Jun 11, 2011 at 9:04 PM, phocean <0...@phocean.net> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi n3td3v... oops!... secn3t (that is close),
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Sorry but I don't understand anything in this thread.
>>>>>>>>>>>>>>>>>> Each of your emails is such a pain to read, that I stop at the first sentence.
>>>>>>>>>>>>>>>>>> We are all busy and don't want to take 20 min to decipher your writing with the risk that it is not deserving it.
>>>>>>>>>>>>>>>>>> Please clarify and give consistent technical facts.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On 12/06/2011 03:33, -= Glowing Doom =- wrote:
>>>>>>>>>>>>>>>>>> > This is NOT coded.. the PoC i am explaining, is possible with simply copying text, then using a sequence of keys, to make the actual sentence/s, appear.
>>>>>>>>>>>>>>>>>> > This code is not what shows up when it is dissected.
>>>>>>>>>>>>>>>>>> > It shows up with many x41 all over the email when it is done properly .
>>>>>>>>>>>>>>>>>> > Regards.
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> > On 12 June 2011 11:29, Christian Sciberras <uuf6...@gmail.com> wrote:
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> >     For those lazy enough to search:
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> >     https://www.owasp.org/index.php/The_CSRSS_Backspace_Bug_still_works_in_windows_2003_sp1
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> >     Excerpt:
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> >     Basically just compile this and you will get a 100% processor usage by the compiled exploit and Csrss.exe
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> >     #include <stdio.h>
>>>>>>>>>>>>>>>>>> >     int main(void)
>>>>>>>>>>>>>>>>>> >     {
>>>>>>>>>>>>>>>>>> >         while(1)
>>>>>>>>>>>>>>>>>> >             printf("\t\t\b\b\b\b\b\b");
>>>>>>>>>>>>>>>>>> >         return 0;
>>>>>>>>>>>>>>>>>> >     }
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> >     How this helps in sending spam is beyond me.
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> >     On Sun, Jun 12, 2011 at 3:18 AM, Jeffrey Walton <noloa...@gmail.com> wrote:
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> >         On Sat, Jun 11, 2011 at 9:06 PM, -= Glowing Doom =- <sec...@gmail.com> wrote:
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> >         > It is now, over 1yr old at least and exists in riched20.dll.
>>>>>>>>>>>>>>>>>> >         > This PoC info is over for me also.
>>>>>>>>>>>>>>>>>> >         Microsoft had problems with a backspace in the past. Search for "CSRSS Backspace Bug".
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> >         > [SNIP
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> >         Jeff
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> >         _______________________________________________
>>>>>>>>>>>>>>>>>> >         Full-Disclosure - We believe in it.
>>>>>>>>>>>>>>>>>> >         Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>>>>>>>>>>> >         Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>> phocean
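As an added illustration (not code from the thread or from any of its participants): the point adam makes, that any HTML mail client lets the sender choose the anchor text independently of the target URL, is exactly what a mail filter has to check for on the receiving side. This Python example parses an HTML body and flags anchors whose visible text names a different host than the href, or that wrap an unusually long run of text (the "ALL text as a bad-link" case raised in the thread); the sample body, the `.example` hosts and the 120-character threshold are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible text that itself looks like a URL or bare hostname.
URLISH = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?$", re.I)

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # remember the target and start collecting its text
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased host without 'www.'; bare hostnames in link text get a scheme."""
    host = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def suspicious_anchors(html_body, max_text_len=120):
    """Flag anchors whose shown text misleads: URL-looking text pointing at a
    different host, or one link wrapping an unusually long run of text."""
    p = AnchorCollector()
    p.feed(html_body)
    p.close()
    findings = []
    for href, text in p.anchors:
        if URLISH.match(text) and host_of(text) != host_of(href):
            findings.append((href, text, "text host %s != link host %s" % (host_of(text), host_of(href))))
        elif len(text) > max_text_len:  # the whole-message-as-one-link case
            findings.append((href, text[:40] + "...", "link text spans %d characters" % len(text)))
    return findings

# Constructed sample body (not from the thread): an honest link, a host mismatch, a paragraph-sized link.
SAMPLE = (
    '<p>See <a href="http://www.google.com/">the docs</a>.</p>'
    '<p><a href="http://evil.example/login">https://bank.example/login</a></p>'
    '<p><a href="http://evil.example/x">' + "Please read this entire notice " * 6 + "</a></p>"
)
```

Calling `suspicious_anchors(SAMPLE)` returns the two misleading anchors and leaves the honest "the docs" link alone, since ordinary descriptive anchor text is the legitimate use of the feature.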