Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Re: Gadu-Gadu, another two bugs

from [lazy] Network Security [Permanent Link]
Subject: [Full-Disclosure] Re: Gadu-Gadu, another two bugs
Date: Mon, 20 Dec 2004 14:09:45 +0100 
On Fri, Dec 17, 2004 at 11:23:38AM +0100, Jaroslaw Sajko wrote:

Product:      Gadu-Gadu, build 155 and older
Vendor:               SMS-EXPRESS.COM (http://www.gadu-gadu.pl)
Impact:               Script execution in local zone,
              Remote DoS
Severity:     High
Authors:      Blazej Miga <bla@man.poznan.pl>,
              Jaroslaw Sajko <sloik@man.poznan.pl>
Date:         17/12/04

...

[DETAILS]

Bug 1.
Parsing error. We can send a malicious string which has an url inside.
This url can be a javascript code for example or reference to such a code.
Code will execute when the window with message pops up. Code will execute
in LOCAL ZONE! Works also with older versions.

Example:

Send such a string to any receipent:
www.po"style=background-image:url(javascript:document.write('%3cscript%3ealert%28%22you%20are%20owned!%22%29%3c%2fscript%3e'));".pl


tlen.pl - another polish IM was also vulunerable to Bug1
they fixed it in 5.23.4.2 and (as I was told) they now block it on the servers, 
but you can check it
locally on your own client

__
Regards,
Michal Grzedzicki

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  MDKSA-2004:155 - Updated logcheck packages fix temporary file vulnerability, Mandrake Linux Security Team
Next by Date:  Re: DJB's students release 44 *nix software vulnerability advisories, Jack Lloyd
Previous by Thread:  Re: [Full-Disclosure] Re: Gadu-Gadu, another two bugs, Maciej Soltysiak
Next by Thread:  NetBSD Security Advisory 2004-010: Insufficient argument validation in compat code, NetBSD Security-Officer
Indexes:  [Date] [Thread] [Top] [All Lists]