RE: [Full-Disc]: [Full-Disclosure] Xmas virus on the cards ?

From: Rainer Gerhards (rgerhards_at_hq.adiscon.com)
Date: 12/18/03

    To: <full-disclosure@lists.netsys.com>
    Date: Thu, 18 Dec 2003 16:56:56 +0100
    
    

    > > > I noticed this article at http://www.vnunet.com/News/1151553 and
    > > > it looks alarming - however did not find any more details.
    > >
    > > To me, it sounds like someone has misunderstood the "social
    > > engineering" of an URL that seems to lead to a picture...
    > >
    > > http://www.somedomain.com/picture.jpg
    > >
    > > Where "picture.jpg" is in fact a folder, not a file, so, a "normal"
    > > HTML page is sent to the browser instead.

    I just did a quick test. This works with executables quite well, too. I
    used IIS, created a directory test.jpg, placed notepad.exe in it and
    configured IIS to use "notepad.exe" as default page.

    Interestingly, in IE I not only received a warning but the file was also
    not executable - I guess a little playing with the IIS mime map could
    "fix" this. In Opera, I got a decent warning (even showing the correct
    file name) and when I selected to "open" the file, I executed it.

    I did not do any specific test, just a 2 minute try.

    > >
    > > Aka, nothing to care about or filter at all, except trying to keep
    > > your browser as safe as possible, to prevent exploits in the
    > > HTML-page.

    I am not sure... this sounds indeed like a different quality. The
    original poster told about html emails. I guess there can be done some
    "fun" with this...

    Rainer

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
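
Added example, not part of the original message: a small check a defender could run over web-proxy records to spot the case discussed in this thread, where a URL whose last path segment looks like an image (such as `picture.jpg` or `test.jpg`) is really a directory that returns a default page of another type. The log records, the record layout and the function names are constructed for illustration, and the redirect to a trailing-slash path is an assumption about how the web server answers a request for a directory.

```python
import mimetypes
from urllib.parse import urlsplit

# Constructed proxy records: (URL, status, Content-Type, Location header)
SAMPLE_LOG = [
    ("http://www.somedomain.com/logo.jpg", 200, "image/jpeg", None),
    ("http://www.somedomain.com/picture.jpg", 302, "text/html",
     "http://www.somedomain.com/picture.jpg/"),
    ("http://www.somedomain.com/picture.jpg/", 200, "text/html", None),
    ("http://www.somedomain.com/test.jpg/", 200, "application/octet-stream", None),
    ("http://www.somedomain.com/index.html", 200, "text/html; charset=utf-8", None),
]


def implied_type(url):
    """MIME type suggested by the last path segment, ignoring a trailing slash."""
    segment = urlsplit(url).path.rstrip("/").rsplit("/", 1)[-1]
    return mimetypes.guess_type(segment)[0]


def classify(record):
    """Return a reason string if an image-looking URL did not yield an image."""
    url, status, content_type, location = record
    implied = implied_type(url)
    if implied is None or not implied.startswith("image/"):
        return None  # URL does not claim to be a picture; out of scope here
    path = urlsplit(url).path
    # A redirect from /picture.jpg to /picture.jpg/ means the name is a directory.
    if status in (301, 302) and location:
        if urlsplit(location).path == path + "/":
            return "redirect-to-directory"
    served = (content_type or "").split(";")[0].strip().lower()
    # The body that finally arrives is not an image at all.
    if status == 200 and not served.startswith("image/"):
        return "type-mismatch:" + served
    return None


def scan(records):
    """List (url, reason) for every record that trips one of the checks."""
    findings = []
    for record in records:
        reason = classify(record)
        if reason:
            findings.append((record[0], reason))
    return findings


if __name__ == "__main__":
    for url, reason in scan(SAMPLE_LOG):
        print(f"{reason:45} {url}")
```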

