Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml

2011-01-30 Thread Juha-Matti Laurio
Also https://isc.sans.edu/diary.html?storyid=10318 Juha-Matti
Michal Zalewski [lcam...@coredump.cx] wrote: FYI, here's a provisional advisory from Microsoft acknowledging this issue: http://www.microsoft.com/technet/security/advisory/2501696.mspx /mz

Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml

2011-01-28 Thread Michal Zalewski
FYI, here's a provisional advisory from Microsoft acknowledging this issue: http://www.microsoft.com/technet/security/advisory/2501696.mspx /mz ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html

Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml

2011-01-28 Thread IEhrepus
nice work to MS now, let us wait for the FIX . . gogogo hitest
2011/1/28 Michal Zalewski lcam...@coredump.cx: FYI, here's a provisional advisory from Microsoft acknowledging this issue: http://www.microsoft.com/technet/security/advisory/2501696.mspx /mz

Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml

2011-01-27 Thread Valdis . Kletnieks
On Wed, 26 Jan 2011 21:43:28 PST, Michal Zalewski said: The real problem is that when mhtml: is used to fetch the container over an underlying protocol, it does not honor Content-Type and related headers (or even nosniff).
Geez. It's 2011, and people are *still* doing that same basic error?

Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml

2011-01-27 Thread IEhrepus
Security is general. Many security issues are composed of many different vulnerabilities from different factories, like mhtml:http://www.google.com/gwt/n?u=[mhtml file url]! this vul. So we come back: this vul needs two Conditions

Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml

2011-01-27 Thread laurent gaffie
Not a google vuln. Hunt down MSFT to pay for your bug. Oh wait, they don't pay for free research.. 0noz, you won't get any candy !
2011/1/27, IEhrepus 5up3r...@gmail.com: Security is general. Many security issues are composed of many different vulnerabilities from different factories, like

[Full-disclosure] www.google.com xss vulnerability Using mhtml

2011-01-26 Thread IEhrepus
Long, long time ago, we heard an interesting legend that www.google.com will Pay for its vulnerabilities, so we want to try ... lucky, A vulnerability has been caught by my friend PZ[http://hi.baidu.com/p__z], this vul is based on 《Hacking with mhtml protocol

Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml

2011-01-26 Thread Christian Sciberras
Football field? More like dodgeball !!!
On Wed, Jan 26, 2011 at 10:33 AM, IEhrepus 5up3r...@gmail.com wrote: Long, long time ago, we heard an interesting legend that www.google.com will Pay for its vulnerabilities, so we want to try ... lucky, A vulnerability has been caught by my friend

Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml

2011-01-26 Thread Yigit Turgut
these replies (:
Message: 10
Date: Wed, 26 Jan 2011 01:33:16 -0800
From: IEhrepus 5up3r...@gmail.com
Subject: [Full-disclosure] www.google.com xss vulnerability Using mhtml
To: full-disclosure@lists.grok.org.uk
Cc: s...@rckc.at
Message-ID: aanlktinf+xicfvrw86cm

Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml

2011-01-26 Thread Michal Zalewski
I wouldn't like to discourage ppl submitting vulns to vendors, but this is the response you'll most likely get from those kinds of vendors no matter what you found in their system. I had more than a dozen similar experiences like yours. Now it's public + fixed and you gotta get nothing beside

Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml

2011-01-26 Thread IEhrepus
Obviously this problem is not clear. A very similar problem, like HTTP Response Splitting: whose vulnerability? webapp or Server-side language? So we come back: this vul needs two Conditions
1. www.google.com app doesn't filter the CRLF
2. IE supports the mhtml protocol handler to render the mhtml

Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml

2011-01-26 Thread Michal Zalewski
1. www.google.com app doesn't filter the CRLF
This is not strictly required; there are other scenarios where this vulnerability is exploitable.
2. IE supports the mhtml protocol handler to render the mhtml file format, and this is why mhtml: is designed
The real problem is that when mhtml: is