Yet I now stop... enjoy your pathetic, useless list.. I will now unsubscribe :) thanks.
On 12 June 2011 13:09, -= Glowing Doom =- <[email protected]> wrote:
> Here again....
>
> I will write a sentence now, and, I will just copy, so it is 'darkened'
> text, then with NO backspace just leave the text darkened, and goto 'link',
> and enter a link.. the text will turn to red.
>
> (this is the easiest way to reproduce it...) <http://www.haxxor-NOT.bs>
>
> On 12 June 2011 13:07, -= Glowing Doom =- <[email protected]> wrote:
>
>> I should have said just 'copy, then hit link... because the other one, is
>> actually VERY hard to explain..but yes... backspace... has a bug with
>> emails. Is this so hard for 500000 ppl to understand ?
>> I am really shocked at the rubbish talk I have copped from this.
>>
>> On 12 June 2011 13:06, -= Glowing Doom =- <[email protected]> wrote:
>>
>>> Do the research... then call yourself a 'team'...please :s
>>>
>>> The PoC, is easy as hell to reproduce. I am shocked a team, cannot do
>>> it..
>>>
>>> even the easy one which is just copy/backspace, and, hit link and enter a
>>> link!
>>> simple ?
>>>
>>> On 12 June 2011 12:52, Haxxor Security <[email protected]> wrote:
>>>
>>>> As I (painfully tried to) understand it, secn3t can fool his own email
>>>> client to create malformed links by pressing backspace...
>>>>
>>>> 2011/6/12 adam <[email protected]>
>>>>
>>>>> At the end of the day, you're going to be treated like a child as long
>>>>> as you continue to type like one.
>>>>>
>>>>> The entertaining part for me is how each of your replies contradicts a
>>>>> previous one. According to you, this *vulnerability* *has existed for
>>>>> years*. And also according to you, the reason why the original email
>>>>> was filled with spelling errors is because it *was rushed out due to
>>>>> you being "awake" at 6AM.* Do you see the inconsistency between those
>>>>> two statements? Your response to Christian also indicated that you
>>>>> *didn't just discover this*.
>>>>>
>>>>> IF this is an old vulnerability and IF you've known about it for an
>>>>> extended period of time - WHY did you have to post it right when you did?
>>>>> It's old, you've known about it for a while, it's existed for years, yet
>>>>> it couldn't wait until later in the day? It couldn't wait until you had
>>>>> time to skim over the email and correct any spelling/grammar mistakes? It
>>>>> absolutely had to be posted right then and there?
>>>>>
>>>>> On Sat, Jun 11, 2011 at 9:14 PM, -= Glowing Doom =-
>>>>> <[email protected]> wrote:
>>>>>
>>>>>> That's why i the people who do understand it, can see that it is
>>>>>> there... yes, VERY hard to explain, I'd LOVE to see you try.
>>>>>>
>>>>>> On 12 June 2011 12:11, adam <[email protected]> wrote:
>>>>>>
>>>>>>> Furthermore, pretending that we [the readers] are somehow at fault
>>>>>>> here (for not understanding) isn't going to get you very far. The only
>>>>>>> thing consistent in this entire thread is that people *kind of* want to
>>>>>>> know what you're talking about, but aren't able to due to the poor
>>>>>>> writing style and spelling/grammar errors.
>>>>>>>
>>>>>>> It should be noted that no one is being anal about typos, I fully
>>>>>>> understand that people make mistakes. The difference is that it appears
>>>>>>> you didn't even so much as proofread the original email.
>>>>>>>
>>>>>>> On Sat, Jun 11, 2011 at 9:04 PM, phocean <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi n3td3v... oops!... secn3t (that is close),
>>>>>>>>
>>>>>>>> Sorry but I don't understand anything in this thread.
>>>>>>>> Each of your emails is such a pain to read, that I stop at the first
>>>>>>>> sentence.
>>>>>>>> We are all busy and don't want to take 20 min to decipher your
>>>>>>>> writing with the risk that it is not deserving it.
>>>>>>>> Please clarify and give consistent technical facts.
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>>
>>>>>>>> On 12/06/2011 03:33, -= Glowing Doom =- wrote:
>>>>>>>> > This is NOT coded.. the PoC I am explaining, is possible with
>>>>>>>> > simply copying text, then using a sequence of keys, to make the
>>>>>>>> > actual sentence/s, appear.
>>>>>>>> > This code is not what shows up when it is dissected.
>>>>>>>> > It shows up with many x41 all over the email when it is done
>>>>>>>> > properly.
>>>>>>>> > Regards.
>>>>>>>> >
>>>>>>>> > On 12 June 2011 11:29, Christian Sciberras <[email protected]> wrote:
>>>>>>>> >
>>>>>>>> > For those lazy enough to search:
>>>>>>>> >
>>>>>>>> > https://www.owasp.org/index.php/The_CSRSS_Backspace_Bug_still_works_in_windows_2003_sp1
>>>>>>>> >
>>>>>>>> > Excerpt:
>>>>>>>> >
>>>>>>>> > Basically just compile this and you will get a 100% processor
>>>>>>>> > usage by the compiled exploit and Csrss.exe
>>>>>>>> >
>>>>>>>> > #include <stdio.h>
>>>>>>>> > int main(void)
>>>>>>>> > {
>>>>>>>> >     while(1)
>>>>>>>> >         printf("\t\t\b\b\b\b\b\b");
>>>>>>>> >     return 0;
>>>>>>>> > }
>>>>>>>> >
>>>>>>>> > How this helps in sending spam is beyond me.
>>>>>>>> >
>>>>>>>> > On Sun, Jun 12, 2011 at 3:18 AM, Jeffrey Walton <[email protected]> wrote:
>>>>>>>> >
>>>>>>>> > On Sat, Jun 11, 2011 at 9:06 PM, -= Glowing Doom =-
>>>>>>>> > <[email protected]> wrote:
>>>>>>>> >
>>>>>>>> > > It is now, over 1yr old at least and exists in riched20.dll.
>>>>>>>> > > This PoC info is over for me also.
>>>>>>>> > Microsoft had problems with a backspace in the past. Search for
>>>>>>>> > "CSRSS Backspace Bug".
>>>>>>>> >
>>>>>>>> > > [SNIP
>>>>>>>> >
>>>>>>>> > Jeff
>>>>>>>> >
>>>>>>>> > _______________________________________________
>>>>>>>> > Full-Disclosure - We believe in it.
>>>>>>>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>> > Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>
>>>>>>>> --
>>>>>>>> phocean
