And now the person that wanted to make money is losing it because of you people being so nosy! Sniff Sniff =)<br><br><div><span class="gmail_quote">On 7/9/07, <b class="gmail_sendername">Nicob</b> <<a href="mailto:nicob@nicob.net">
nicob@nicob.net</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Le lundi 09 juillet 2007 à 08:46 -0500, Charles Miller a écrit :
<br>> Also, the vulnerability Nicob pointed out was pre-auth (mine was post-<br>> auth).<br><br>Simply sending an email to an user using the PGP plugin was enough to<br>compromise the server hosting SquirrelMail. That's nice, as the webmail
<br>URL doesn't have to be known. The server can even be unreachable from<br>the Internet.<br><br>That's imho more than pre-auth, as you can blindly send tons of mails to<br>random addresses and compromise some servers.
<br><br>592 function gpg_check_sign_pgp_mime($message,$fullbodytext) {<br>[...]<br>639 //$messageSignedText = escapeshellarg($messageSignedText);<br>640 $messageSignedText = ereg_replace("\"", "\\\"",$messageSignedText );
<br>[...]<br>661 $command = "echo -n \"$messageSignedText\" | [blablabla]<br><br>Nicob<br><br><br><br><br><br>_______________________________________________<br>Dailydave mailing list<br><a href="mailto:Dailydave@lists.immunitysec.com">
Dailydave@lists.immunitysec.com</a><br><a href="http://lists.immunitysec.com/mailman/listinfo/dailydave">http://lists.immunitysec.com/mailman/listinfo/dailydave</a><br></blockquote></div><br><br clear="all"><br>-- <br><a href="http://www.goldwatches.com/watches.asp?Brand=14">
http://www.goldwatches.com/watches.asp?Brand=14</a><br><a href="http://www.jewelerslounge.com">http://www.jewelerslounge.com</a>