anyone with a fully patched IE6.. - GoFuckYourself.com

extreme · 07-05-2004, 02:02 PM

.. does either of theese 2 links popup a cmd.exe window for you? Absolutely harmless test.

http://www.signupsluts.com/ie.html

http://www.signupsluts.com/ie2.html

David! · 07-05-2004, 02:04 PM

2nd one popped up a window "attempting injection"

johnbosh · 07-05-2004, 02:07 PM

first one loaded without problems, second one, same popup asPussyMan

Where are you testing it for?

Fabuleux · 07-05-2004, 02:12 PM

The first one is trying to use an exploit.

the Shemp · 07-05-2004, 02:12 PM

Quote:

Originally posted by PussyMan
2nd one popped up a window "attempting injection"

ditto

cambaby · 07-05-2004, 02:17 PM

Mozilla Firefox

s9ann0 · 07-05-2004, 02:20 PM

nah doesn't run it

extreme · 07-05-2004, 02:21 PM

ok, that wasn't it though. It tries to execute "cmd.exe /c pause".

Testing for this but didn't get it to work:

http://seclists.org/lists/bugtraq/2004/Jul/0026.html

HARDC0R3 · 07-05-2004, 02:22 PM

2nd window: INJECTED

wtf are you doing to my browser

extreme · 07-05-2004, 02:29 PM

Quote:

Originally posted by HARDC0R3
2nd window: INJECTED

wtf are you doing to my browser

That's just a normal java-scri-pt popup ... the exploit test is totally harmless + didn't even seem to work.

Apparently there's a way to bypass the latest IE securitypatch by using Shell.Application instead of ADODB.Stream (which the latest patch disabled).

Fabuleux · 07-05-2004, 02:32 PM

Quote:

Originally posted by extreme
That's just a normal java-scri-pt popup ... the exploit test is totally harmless + didn't even seem to work.

Apparently there's a way to bypass the latest IE securitypatch by using Shell.Application instead of ADODB.Stream (which the latest patch disabled).

No. it's not. The last patch I downloaded was 2 hours ago, my browser blocks both pages you submitted.

Manowar · 07-05-2004, 02:34 PM

Quote:

Originally posted by PussyMan
2nd one tried popped up a window "attempting injection"

extreme · 07-05-2004, 02:36 PM

Quote:

Originally posted by Fabuleux
No. it's not. The last patch I downloaded was 2 hours ago, my browser blocks both pages you submitted.

Read my posts better. You're talking about the ADODB.Stream patch correct? Im talking about a possibility to bypass it, was mentioned on bugtraq. But didn't work for me and nobody else so looks like false alarm atm. Or if I got the exploit test wrong somehow.

David! · 07-05-2004, 02:38 PM

WTF ????

I got 20 Dollars bills coming out of my printer now !!

extreme · 07-05-2004, 02:40 PM

Quote:

Originally posted by PussyMan
WTF ????

I got 20 Dollars bills coming out of my printer now !!

wooohooo, I deserve 50%!

MattO · 07-05-2004, 03:01 PM

In the last couple of weeks I have seen a lot of submissions to my TGP with that injection code in it. I don't know what the hell whoever is submitting it is thinking like they'd get approved with that kind of bullshit.

07-05-2004, 02:02 PM	#1
extreme Confirmed User Industry Role: Join Date: Oct 2002 Location: lalaland Posts: 2,120	anyone with a fully patched IE6.. .. does either of theese 2 links popup a cmd.exe window for you? Absolutely harmless test. http://www.signupsluts.com/ie.html http://www.signupsluts.com/ie2.html __________________ Browse and find new paysites with screenshot-preview Export FHGs/FLVs/Paysites by JSON, XML, CSV and Text Find FHGs/FLVs/Paysites from any given Category or Search-query

07-05-2004, 02:04 PM	#2
David! By the wrath of Agamemnon Industry Role: Join Date: Apr 2004 Location: Miami Posts: 6,501	2nd one popped up a window "attempting injection" __________________ .

07-05-2004, 02:12 PM	#4
Fabuleux Confirmed User Join Date: May 2003 Location: The Netherlands Posts: 2,543	The first one is trying to use an exploit. __________________

07-05-2004, 02:21 PM	#8
extreme Confirmed User Industry Role: Join Date: Oct 2002 Location: lalaland Posts: 2,120	ok, that wasn't it though. It tries to execute "cmd.exe /c pause". Testing for this but didn't get it to work: http://seclists.org/lists/bugtraq/2004/Jul/0026.html __________________ Browse and find new paysites with screenshot-preview Export FHGs/FLVs/Paysites by JSON, XML, CSV and Text Find FHGs/FLVs/Paysites from any given Category or Search-query Last edited by extreme; 07-05-2004 at 02:23 PM..

07-05-2004, 02:38 PM	#14
David! By the wrath of Agamemnon Industry Role: Join Date: Apr 2004 Location: Miami Posts: 6,501	WTF ???? I got 20 Dollars bills coming out of my printer now !! __________________ . Last edited by David!; 07-05-2004 at 02:39 PM..

07-05-2004, 02:07 PM	#3
johnbosh Confirmed User Join Date: Aug 2002 Location: The Netherlands, Rotterdam Posts: 8,965	first one loaded without problems, second one, same popup asPussyMan Where are you testing it for?

07-05-2004, 02:17 PM	#6
cambaby So Fucking Banned Join Date: Feb 2003 Location: CR Posts: 3,141	Mozilla Firefox

07-05-2004, 02:20 PM	#7
s9ann0 Confirmed User Join Date: Sep 2001 Location: Boston Posts: 4,873	nah doesn't run it

07-05-2004, 02:22 PM	#9
HARDC0R3 Registered User Join Date: Jun 2004 Posts: 14	2nd window: INJECTED wtf are you doing to my browser

07-05-2004, 03:01 PM	#16
MattO The O is for Oohhh Join Date: Feb 2003 Location: AUSTIN TEJAS Posts: 10,861	In the last couple of weeks I have seen a lot of submissions to my TGP with that injection code in it. I don't know what the hell whoever is submitting it is thinking like they'd get approved with that kind of bullshit.