Full Disclosure: Re: POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...

[Jeffrey Walton <noloader () gmail com>]

On Sat, Jun 11, 2011 at 8:13 PM, adam <adam () papsy net> wrote:
> When the English version becomes available, please let me know.
I'd bet secn3t's english is better than your speaking his native tongue....

> On Sat, Jun 11, 2011 at 7:02 PM, -= Glowing Doom =- <secn3t () gmail com>
> wrote:
> > Systems wich appear vulnerable: EVERY single one i have tried...
> >
> > How:
> >
> > I wrote that sentecne, then, i backspaced it and blacked it over with copy
> > , then, enter url to wherver i want...
> > There is 3 ways i have found todo this, when i dissected one of them, the
> > URL/Sentence, was gfull of x41\x41\x41 , very strange... because it is still
> > able to be done 3 ways, and the simplest way does NOT require even html
> > 'link' to section, wich is what MST be done, altho on older emailer systems,
> > I see that it is simple as backspace over the sentence,then type the url, it
> > a'appears' at first , to be a normal deleted sentence, but when I open and
> > dissect, it shows URL/41/41/41 then all over the email page, same thing ...
> > I know this might be confusing,  I traced the problem to a dll or lib wich
> > is for text editing , and that dll is a VERY common one on any system, sofar
> > not one mailing system, has NOT had this vuln... yet, i have seen another
> > 'version' of this attack type, but, they can ONLY spoof a URL... This one,
> > you can make the whole email, a url... i will do this right now..
> >
> > [SNIP]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/