• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Noah Grey Greymatter IE Bookmarklet Account Compromise Vulnerability

Greymatter is a web based log and journal maintenance system. It is written in Perl as a collection of CGI scripts, and should work under Linux and most other Unix platforms.

When the Greymatter 'bookmarklet' feature is enabled by a user, a Windows registry file is created. This file has a name of the form 'gmrightclick-n.reg', where n is a six digit decimal number. This file is world readable, and includes the author's username and password.

This file is deleted when Greymatter page navigation is used after the feature is enabled.