Карта UinZz.com Магазин ICQ номеров

UinZz.com - Магазин icq номеров. Продажа icq номеров. Купить icq номер.

Система Автоматической продажи.Купить номерок у продавца. В Магазин icqСоветы и статьи для покупателей.О насОтзывы покупателейНаши контактыФорум — Место общения!

Новости
Подмена имени файла в ICQ 2002/2003/LITE 4.0/LITE 4.1
Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT

Found this 'bug' about 1 year n a half ago.

If u drag and drop a folder containing 1 or more file from your computer into the nick of someone in your
contact
list it is possible to send a full directory... The possibility to send a full directory alredy poses a
security risk in my opinion! (Notice that if u click the nick then click on "send file" it is
only possible to send files, not directories, but dragging and dropping a folder with files into a nick in
your
contact list it is really possible. your "friend" will receive it and will be able to see only this:

Incoming files: 1 dir, X files
(where x is the number of files contained in the folder)


letґs say the folder name is Dir12 and the first filename is ABCD.EXE and u dont want your friend to view the
.EXE extension
(notice: your friend will see this file being received as DIR12ABCD.EXE)
ICQ seems to leave the final file extension hidden if you use capital letters (caps lock) and if the
directory name, the '''' separating the dir name from the file name and the name of the file without the
final extension is 30-31 chars long

example:

DIR12PHOTOS OF ME AND MY AUNT.EXE

Your friend will only see this:

DIR12PHOTOS OF ME AND MY AUNT

you could also reduce the filename and insert another file extension at the end of the file, for example a
.JPG extension

If you change an executable file properties such as company name, icon and description you can fool even
more paranoid users since they will see 'company name'= JPEG Image and 'description' = 240x230 (dimensions)
and put the JPEG default icon. as the file is inside a folder, it will not show its final extension, since by
default windows doesnґt show extensions for known file types.

It seems to even bypass the Windows XP SP2 file execution warning message

impact: Spoof

Solution: upgrade to the latest ICQ Lite version. ICQ PRO was discontinued and it is vulnerable to this
issue. notice that enabling windows explorer to show files extensions will not completely solve this issue
since some files will continue to keep the extension hidden such as lnk and shs.

ps: I tested it on ICQ 2003a, 2003b , Lite 4.0 and Lite 4.1 on a Windows XP machine, but I guess previous
ICQ versions are also vulnerable on any other windows version.
[ 17.02.06 / alkaed ]
 [ коммент 0 ]

Ник:
Мыло:
Смайл: smile wink wassat tongue laughing sad angry crying ermm brows shok gigi  

| Не запоминать
· Главная
· Как купить
· Магазин icq
· Онлайн Магазин
· ICQ за SMS
· ЧаВО
· Форум
· Статьи про iCQ
· ICQ софт
· Сотрудничество
· Отзывы
· О Сайте

1411444  ICQ Службы поддержки
support@uinzz.com  E-Mail Службы поддержки

Как вы узнали о нас?
Друзья
Поисковик
Ссылка
Наткнулся

.:: UinZz.info ::.
.:: Секреты ICQ ::.
.:: makak.ru ::.
.:: азведка" ::.
.:: Landgraph ::.
.:: KoLyan.Net ::.
.:: QIP,ICQ,&RQ ::.
.:: Chukcha.NET ::.
.:: Friends.kZ ::.
.:: КиноШара ::.
.:: DamageLab ::.
.: Хулиганофф НЕТ :.
.:: DKCS IT team ::.
.:: IRPortal.Ru ::.
.:: halava.info ::.
.:: CitySmile.ru ::.
.:: SecNull Team ::.
.:: MSDteam.com ::.
.:: StavSota ::.
.:: SmartMovie ::.
Идёт обмен ссылками ;) Если интересно ждем в icq 1411444

WebMoney



Яндекс Индекс цитирования




© Магазин ICQ UinZz.Com, 2002 - 2008 Аттестованный участник системы WebMoney