Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Full Disclosure>
  3. Full-Disclosure
Trivial injection and message spoof security mailing list archives
choose.a.username at hushmail
Aug 3, 2002, 7:48 AM
Post #1 of 2 (647 views)
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you keep an eye open for unusual messages to posted to mailing lists, you can catch some really silly errors. Today there is a bounce on neohapsis from the ezmlm program manager revealing the mailto for neohapsis vuln-dev archive.

Last year cotse.com had an errant posting on their archive for bugtraq's mailto.

Below is an injection directly to neohapsis archive. Testing cotse's, possibly the same will show up in the next hour.

http://archives.neohapsis.com/archives/vuln-dev/2002-q3/0430.html

the message is happily lifted from humorix.org and modified accordingly.


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmYEARECACYFAj1L7CkfHGNob29zZS5hLnVzZXJuYW1lQGh1c2htYWlsLmNvbQAKCRDT
5JkCl0iMkPGnAJ0VgYJQMJFgWC6SYravPE6sHr0OrQCgl5kNOKT9C6VmQHNM833pW49s
5Jg=
=TXt0
-----END PGP SIGNATURE-----


Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
Re: Trivial injection and message spoof security mailing list archives [ In reply to ]
choose.a.username at hushmail
Aug 3, 2002, 8:10 AM
Post #2 of 2 (620 views)
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://packetderm.cotse.com/mailing-lists/todays/0019.html

don't make your mailto autofeeds so obvious.

On Sat, 3 Aug 2002 07:48:10 -0700, full-disclosure@lists.netsys.com wrote:
>If you keep an eye open for unusual messages to posted to mailing lists, you can catch some really silly errors. Today there is a bounce on neohapsis from the ezmlm program manager revealing the mailto for neohapsis vuln-dev archive.
>
>Last year cotse.com had an errant posting on their archive for bugtraq's mailto.
>
>Below is an injection directly to neohapsis archive. Testing cotse's, possibly the same will show up in the next hour.
>
>http://archives.neohapsis.com/archives/vuln-dev/2002-q3/0430.html
>
>the message is happily lifted from humorix.org and modified accordingly.
>
>

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmYEARECACYFAj1L8UkfHGNob29zZS5hLnVzZXJuYW1lQGh1c2htYWlsLmNvbQAKCRDT
5JkCl0iMkIYBAJ9oGJkheeG96oxFpcXaylCLcXV2KQCfZQzLlw0ysA/6Y3ddjDOjVSof
7jo=
=Gxxe
-----END PGP SIGNATURE-----


Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal