Re: POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...

[Valdis.Kletnieks () vt edu]

On Sun, 12 Jun 2011 11:33:17 +1000, -= Glowing Doom =- said:

> This code is not what shows up when it is dissected.
> It shows up with many x41 all over the email when it is done properly .

Part of the problem is that your original PoC mail didn't in fact have x41s all
over the place.  Your original e-mail showed up as a multipart/alternative. In
the text/plain part, it had:

PoC1.
Ok, this is a PoC , this actual whole sentence...<http://www.lemonparty.biz>

And in the text/html part, it had (quoted-printable and all):

one, you can make the whole email, a url... i will do this right now..<br><=
br><br>PoC1.<br><a href=3D"http://www.lemonparty.biz";>Ok, this is a PoC , t=
his actual whole sentence...</a><br><br><br>PoC 2:<br><br><a href=3D"http:/=
/www.goggle.com">I wrote that sentecne, then, i backspaced it and blacked i=
t over with copy , then, enter url to wherver i want...There is 3 ways i ha=
ve found todo this, when i dissected one of them, the URL/Sentence, was gfu=
ll of x41\x41\x41 , very strange... because it is still able to be done 3 w=

All of which makes it rather hard to figure out what you're talking about.  All
anybody sees is perfectly normal HTML anchor text, which is a *feature* that's
probably older than many readers of this list. ;)

See page 4 of the *original* HTML spec from 1993:

http://www.w3.org/MarkUp/draft-ietf-iiir-html-01.txt

which includes the text:

                   Item one has an
                  <A NAME="anchor">
                   anchor
                  </A>

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/