Bugtraq mailing list archives
Re: IE/0DAY -> Insider Prototype
From: "Fabricio A. Angeletti" <hellmind () rotten daemon sh>
Date: Tue, 22 Jun 2004 11:47:25 -0300
Permision Denied For me xp full patched sp 1 ----- Original Message ----- From: <liudieyu () umbrella name> To: <bugtraq () securityfocus com> Sent: Monday, June 21, 2004 4:35 AM Subject: IE/0DAY -> Insider Prototype
[tested] Internet Explorer 6 SP1 running on Windows XP(Home Edition) Service Pack
1a
Updated on 2004/07/21 GMT+800 [intro] "the-insider" exploit was first noticed by the-insider:
http://umbrella.name/iebug.com/display-singlemessage.php?readmsg:fulldisclosure_message-2004060050
and then documented by jelmer:
http://umbrella.name/iebug.com/display-singlemessage.php?readmsg:fulldisclosure_message-2004060124
http://62.131.86.111/analysis.htm [what is new] the exploit is complicated. i just simplified the exploit and made a very small demo of the xss vulnerability: http://UMBRELLA.NAME/originalvuln/InsiderPrototype/demo.htm i hope it helps those who are confused by tons of code there in the exploit. the prototype is actually extremely simple - and cool. that's all. [request your comment on iebug.com] btw, what do you think of iebug.com http://iebug.com ? do you prefer just reading selected messages? i can make iebug display selected messages only; i can enable all visitors to vote for a message - or you have a better idea for iebug.com? please comment on iebug.com and let me know. iebug.com: ----- Security and Vulnerability Discussion related to Internet Explorer, Outlook, Java Virtual Machine and Windows Media Player found at bugtraq, full-disclosure and microsoft security bulletin up-to-hour ----- [ps] have a nice day, greetingz fly to: the Pull and dror and all real full-disclosure guys, especially: malware and jelmer and at last,but not least, all guys who helped improving winblox,
epecially:
mdc12 and morning_wood for contributing their code - it's a shame that i got some goddamned exams
in
the remaining june. i deleted all my email messages, please resend your email if i missed. liu die yu http://umbrella.name/
Current thread:
- IE/0DAY -> Insider Prototype liudieyu (Jun 21)
- Re: IE/0DAY -> Insider Prototype Fabricio A. Angeletti (Jun 23)