Stated so by just one man!!
Code here: http://cryptolib.com/ciphers/skype/
Download before it is removed ;-)
Jul 12, 2010
Jul 11, 2010
Corporate OWA owners..pay attention to your click!!
A CSRF vuln in MS OWA till 2007 SP2 exposes corporate/provider mail to being pwned.. Details here:
http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails
Update: my further investigation revealed that the vulnerable OWA platform (I can confirm till 2007 SP2 included) doesn't check the HTTP referrer of the OWA cmd query, so exposing webmail to CSRF (Cross-Site Request Forgery) attacks.
Many actions in the OWA context can be exploited, like setting an all-inbox forward rule, sending a forged mail, accessing and stealing the contact list, deleting mail, etc..
Imagine all this combined together.. and you get the first amazing OWA worm (POC under development)!!
Remember..
OWA 2007 patched in SP3
OWA 2003 no longer supported, no party!! :-(
Have fun
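
The post puts the flaw down to the server not checking the HTTP referrer on command requests. As an added example (not code from this post or from OWA), this Python shows a strict server-side Origin/Referer check for state-changing requests; the host `mail.example.test`, the function names and the sample header values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical deployment value (assumption): the webmail's own origin.
TRUSTED_ORIGINS = {("https", "mail.example.test", 443)}
_DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return (scheme, host, port) for an absolute URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in _DEFAULT_PORTS or not parts.hostname:
        return None  # covers "null", relative URLs, unknown schemes
    return (scheme, parts.hostname.lower(), port or _DEFAULT_PORTS[scheme])


def allow_request(headers, state_changing=True):
    """Decide whether a request may run a state-changing action.

    The decision keys on what the action does, not on the HTTP method,
    because a command carried in a query string changes state just as a
    POST would. Origin is preferred; Referer is the fallback. A request
    with neither header is refused for state-changing actions.
    """
    if not state_changing:
        return True
    hdrs = {k.lower(): v for k, v in headers.items()}
    source = hdrs.get("origin") or hdrs.get("referer")
    if not source:
        return False
    # Compare the parsed origin exactly. Substring or prefix matching would
    # accept hosts such as mail.example.test.other.example.
    return origin_of(source) in TRUSTED_ORIGINS


if __name__ == "__main__":
    samples = [  # constructed header sets
        {"Referer": "https://mail.example.test/owa/"},
        {"Referer": "https://mail.example.test.other.example/page.html"},
        {"Referer": "https://other.example/?u=https://mail.example.test/"},
        {},
    ]
    for h in samples:
        print(allow_request(h), h)
```

A header check like this is a secondary control; a per-session anti-CSRF token validated on every state-changing request is the usual primary defence.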
Theory about Aurora's backstage
A one way confirmation theory about who's behind the "Aurora Operation":
http://www.scribd.com/full/33788819?access_key=key-1lcdjsqzz3z5v5apqrfu
Do you agree?? Naaaaaaa...