GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   anyone with a fully patched IE6.. (https://gfy.com/showthread.php?t=322257)

extreme 07-05-2004 02:02 PM
anyone with a fully patched IE6..
 
.. does either of theese 2 links popup a cmd.exe window for you? Absolutely harmless test.

http://www.signupsluts.com/ie.html

http://www.signupsluts.com/ie2.html

David! 07-05-2004 02:04 PM
2nd one popped up a window "attempting injection"

johnbosh 07-05-2004 02:07 PM
first one loaded without problems, second one, same popup asPussyMan

Where are you testing it for?

Fabuleux 07-05-2004 02:12 PM
The first one is trying to use an exploit.

the Shemp 07-05-2004 02:12 PM
Quote:
Originally posted by PussyMan
2nd one popped up a window "attempting injection"
ditto

cambaby 07-05-2004 02:17 PM
:thumbsup Mozilla Firefox

s9ann0 07-05-2004 02:20 PM
nah doesn't run it

extreme 07-05-2004 02:21 PM
ok, that wasn't it though. It tries to execute "cmd.exe /c pause".

Testing for this but didn't get it to work:

http://seclists.org/lists/bugtraq/2004/Jul/0026.html

HARDC0R3 07-05-2004 02:22 PM
2nd window: INJECTED

wtf are you doing to my browser :feels-hot

extreme 07-05-2004 02:29 PM
Quote:
Originally posted by HARDC0R3
2nd window: INJECTED

wtf are you doing to my browser :feels-hot
That's just a normal java-scri-pt popup ... the exploit test is totally harmless + didn't even seem to work.

Apparently there's a way to bypass the latest IE securitypatch by using Shell.Application instead of ADODB.Stream (which the latest patch disabled).

Fabuleux 07-05-2004 02:32 PM
Quote:
Originally posted by extreme
That's just a normal java-scri-pt popup ... the exploit test is totally harmless + didn't even seem to work.

Apparently there's a way to bypass the latest IE securitypatch by using Shell.Application instead of ADODB.Stream (which the latest patch disabled).
No. it's not. The last patch I downloaded was 2 hours ago, my browser blocks both pages you submitted.

Manowar 07-05-2004 02:34 PM
Quote:
Originally posted by PussyMan
2nd one tried popped up a window "attempting injection"

extreme 07-05-2004 02:36 PM
Quote:
Originally posted by Fabuleux
No. it's not. The last patch I downloaded was 2 hours ago, my browser blocks both pages you submitted.
Read my posts better. You're talking about the ADODB.Stream patch correct? Im talking about a possibility to bypass it, was mentioned on bugtraq. But didn't work for me and nobody else so looks like false alarm atm. Or if I got the exploit test wrong somehow.

David! 07-05-2004 02:38 PM
WTF ????
:feels-hot :mad: :feels-hot




























I got 20 Dollars bills coming out of my printer now !! :1orglaugh

extreme 07-05-2004 02:40 PM
Quote:
Originally posted by PussyMan
WTF ????
:feels-hot :mad: :feels-hot
I got 20 Dollars bills coming out of my printer now !! :1orglaugh
wooohooo, I deserve 50%!

MattO 07-05-2004 03:01 PM
In the last couple of weeks I have seen a lot of submissions to my TGP with that injection code in it. I don't know what the hell whoever is submitting it is thinking like they'd get approved with that kind of bullshit.


All times are GMT -7. The time now is 06:24 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123