Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: FW: [Unpatched] Shell and Drag'n'Drop vulnerabilities

from [http-equiv@excite.com] Network Security [Permanent Link]
Subject: Re: FW: [Unpatched] Shell and Drag'n'Drop vulnerabilities
Date: Thu, 9 Sep 2004 16:31:02 -0000 
<!--
The premise behind this Drag'n'Drop exploit is two-fold, one is
the ability to open a window with local content and the other is
the fact  that dropping an IMG element will pass its DYNSRC
attribute instead of  its SRC attribute
 -->

This is amusing. Though you're not the first to conjur up such
machinations. Below is my response to that from weeks ago when
originally constructing the demo:


Hi <snip>. Thanks.

Actually no, it has nothing to do with any of it. Just that I

am

currently on internet connection that is less fast than my
normal one.  While I was creating the demo, I found src=""
seemed to be slower loading the file than dynscr at the time.

I

just left it in once I completed the demo. Has no bearing on

the

matter since I rebooted and both are the same speed now on

this

machine (or the connection has since sped up).

<snip> said:


Hey,

Nice demo, I have some questions though...

Are you using <img dynsrc="malware.exe"> to bypass the check

on

where the file is originating from?



The 'inventor' of this product also needs to be aware that the
http folder behavior results in the same dating back Wednesday,
August 14, 2002 [http://www.securityfocus.com/archive/1/320437]:

<body onload=malware() style="behavior: url
(#default#httpFolder);">
 <script>
function malware(){
document.body.navigate("shell:desktop");
}
 </script>

http://www.malware.com/shelp.html

plus all the html help calls via the html help object. Probably
many others but we can't do everything if you know what I mean.

<!--
Qwik-Fix Pro users were protected in advance against the Akak
trojan without additional updates. You can find a free copy of
Qwik-Fix Pro for  personal use at
http://www.pivx.com/qwikfixDwnloa.asp
-->


I recommend this new product instead. I've simply never been
able to get yours to do what you advertise it to do:

https://www.prevx.com/homeoffice/homeoffice_homedownload.htm

Protect your home and home office against the next Zero Day
Internet Worm, Spyware Installation or Hacker attack.




--
http://www.malware.com

-----
NTBugtraq Editor's Note:

Want to reply to the person who sent this message? This list is configured such 
that just hitting reply is going to result in the message coming to the list, 
not to the individual who sent the message. This was done to help reduce the 
number of Out of Office messages posters received. So if you want to send a 
reply just to the poster, you'll have to copy their email address out of the 
message and place it in your TO: field.
-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  XP SP2 - profile detection without GPO's ?, Hahn, Frank
Next by Date:  Re: XP SP2: cannot access Disk Manager (LDM) on remote Win 2000 s ystems>>>, Steven McCarthy
Previous by Thread:  FW: [Unpatched] Shell and Drag'n'Drop vulnerabilities, Thor Larholm
Next by Thread:  XP2 update bypasses proxy setting, John Gelavis
Indexes:  [Date] [Thread] [Top] [All Lists]