Re: FW: [Unpatched] Shell and Drag'n'Drop vulnerabilities

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: FW: [Unpatched] Shell and Drag'n'Drop vulnerabilities
From: "http-equiv@xxxxxxxxxx" <1@xxxxxxxxxxx>
Date: Thu, 9 Sep 2004 16:31:02 -0000
Cc: <NTBugtraq@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: 1@xxxxxxxxxxx


<!-- 
The premise behind this Drag'n'Drop exploit is two-fold, one is 
the ability to open a window with local content and the other is 
the fact  that dropping an IMG element will pass its DYNSRC 
attribute instead of  its SRC attribute
 -->

This is amusing. Though you're not the first to conjur up such 
machinations. Below is my response to that from weeks ago when 
originally constructing the demo:

> Hi <snip>. Thanks.
> 
> Actually no, it has nothing to do with any of it. Just that I 
am 
> currently on internet connection that is less fast than my 
> normal one.  While I was creating the demo, I found src="" 
> seemed to be slower loading the file than dynscr at the time. 
I 
> just left it in once I completed the demo. Has no bearing on 
the 
> matter since I rebooted and both are the same speed now on 
this 
> machine (or the connection has since sped up).
> 
> <snip> said:
> 
> > Hey,
> > 
> > Nice demo, I have some questions though...
> > 
> > Are you using <img dynsrc="malware.exe"> to bypass the check 
> on 
> > where the file is originating from?


The 'inventor' of this product also needs to be aware that the 
http folder behavior results in the same dating back Wednesday, 
August 14, 2002 [http://www.securityfocus.com/archive/1/320437]:

<body onload=malware() style="behavior: url
(#default#httpFolder);"> 
 <script> 
function malware(){ 
document.body.navigate("shell:desktop"); 
} 
 </script>

http://www.malware.com/shelp.html

plus all the html help calls via the html help object. Probably 
many others but we can't do everything if you know what I mean.

<!-- 
Qwik-Fix Pro users were protected in advance against the Akak 
trojan without additional updates. You can find a free copy of 
Qwik-Fix Pro for  personal use at 
http://www.pivx.com/qwikfixDwnloa.asp 
-->


I recommend this new product instead. I've simply never been 
able to get yours to do what you advertise it to do:

https://www.prevx.com/homeoffice/homeoffice_homedownload.htm

Protect your home and home office against the next Zero Day 
Internet Worm, Spyware Installation or Hacker attack. 




-- 
http://www.malware.com

Prev by Date: Re: New Data Wipe Tools
Next by Date: New Data Wipe Tools
Previous by thread: FW: [Unpatched] Shell and Drag'n'Drop vulnerabilities
Next by thread: [XSS] PHP-Nuke 7.4 ViewAdmin Bug
Index(es):
- Date
- Thread