Who is going to spoil the yahoo IM bug? That would shake things up a bit more.<br><br><br><b><i>James Matthews <nytrokiss@gmail.com></i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> And now the person that wanted to make money is losing it because of you people being so nosy! Sniff Sniff =)<br><br><div><span class="gmail_quote">On 7/9/07, <b class="gmail_sendername">Nicob</b> <<a href="mailto:nicob@nicob.net"> nicob@nicob.net</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Le lundi 09 juillet 2007 à 08:46 -0500, Charles Miller a écrit : <br>> Also, the vulnerability Nicob pointed out was pre-auth (mine was post-<br>> auth).<br><br>Simply sending an email to an user using the PGP plugin was enough to<br>compromise the server hosting SquirrelMail. That's nice, as the webmail <br>URL
doesn't have to be known. The server can even be unreachable from<br>the Internet.<br><br>That's imho more than pre-auth, as you can blindly send tons of mails to<br>random addresses and compromise some servers. <br><br>592 function gpg_check_sign_pgp_mime($message,$fullbodytext) {<br>[...]<br>639 //$messageSignedText = escapeshellarg($messageSignedText);<br>640 $messageSignedText = ereg_replace("\"", "\\\"",$messageSignedText ); <br>[...]<br>661 $command = "echo -n \"$messageSignedText\" | [blablabla]<br><br>Nicob<br><br><br><br><br><br>_______________________________________________<br>Dailydave mailing list<br><a href="mailto:Dailydave@lists.immunitysec.com"> Dailydave@lists.immunitysec.com</a><br><a href="http://lists.immunitysec.com/mailman/listinfo/dailydave">http://lists.immunitysec.com/mailman/listinfo/dailydave</a><br></blockquote></div><br><br clear="all"><br>-- <br><a href="http://www.goldwatches.com/watches.asp?Brand=14">
http://www.goldwatches.com/watches.asp?Brand=14</a><br><a href="http://www.jewelerslounge.com">http://www.jewelerslounge.com</a> _______________________________________________<br>Dailydave mailing list<br>Dailydave@lists.immunitysec.com<br>http://lists.immunitysec.com/mailman/listinfo/dailydave<br></blockquote><br><p> 
<hr size=1>Be a better Globetrotter. <a href="http://us.rd.yahoo.com/evt=48254/*http://answers.yahoo.com/dir/_ylc=X3oDMTI5MGx2aThyBF9TAzIxMTU1MDAzNTIEX3MDMzk2NTQ1MTAzBHNlYwNCQUJwaWxsYXJfTklfMzYwBHNsawNQcm9kdWN0X3F1ZXN0aW9uX3BhZ2U-?link=list&sid=396545469">Get better travel answers </a>from someone who knows.<br>Yahoo! Answers - Check it out.