Bugtraq: Re: Netscape Exploit SOLVED

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Netscape Exploit SOLVED

From: aymeric () ONSHORE COM (Aymeric Grassart)
Date: Fri, 20 Jun 1997 18:42:10 -0500


John Robert LoVerso wrote:


Yes, Paul's approach only worked when the exploit files were accessed via
"file:".

The next problem would be, how can we make the client side reload this
page automatically? There would be several ways to accomplish. It will
work with JavaScript, but it 'might' also work if the document expiry
date is specified.


Creating a working exploit that can be remotely loaded isn't difficult.
I sent Paul one on Monday and he called me about his version yesterday.
He is considering releasing it here.

John


Err...I think i have a working exploit.
http://vogon.onshore.com/temp/index.html

--
Aymeric Grassart -<>- onShore Inc. -<>- http://www.onShore.com
perl -MIO::Socket -e \
'IO::Socket::INET->new(PeerAddr=>"some.windoze.box:139")->send("bye",MSG_OOB)'
        (R. Schwartz, on BugTraq)

By Date By Thread

Current thread:

Re: Netscape Exploit SOLVED, (continued)
- Re: Netscape Exploit SOLVED Yusuf Motiwala (Jun 18)
- Netscape Communicator 4.01 Aleph One (Jun 18)
- [Fwd: DESCHALL Press Release] Brian Young (Jun 18)
- Re: Netscape Exploit SOLVED Edwin Li-Kai Liu (Jun 19)
  - Re: Netscape Exploit SOLVED John Robert LoVerso (Jun 20)
- Re: Netscape Exploit SOLVED Aymeric Grassart (Jun 20)
- Re: Netscape exploit solved Paul T. Kooros (Jun 23)