BugTraq
MS14-080 CVE-2014-6365 Code Jan 14 2015 05:57PM
Diéyǔ (dieyu dieyu org)
The attached file is exactly the code that I sent to
Microsoft Security Response Center "MSRC"
(Screenshot pictures are deleted)

Technical details were said in this post:
MS14-080 CVE-2014-6365 Technical Details Without "Nonsense"
(So I don't repeat here)

The attached file is 4124 bytes.
The attached file contains html/php/txt.
(All readable by plain text editor)

Regards,

PS

I didn't publish this in the first post,
because it has XSS vulnerability of a big name
United Nations "UN"
(Frankly they look like - sigh)
My style is realism. So here we go.
[Attachment: ZIP archive, binary content omitted. Entries listed in the archive:
ieunxss-HTML_PHP_TXT/about/show.txt
ieunxss-HTML_PHP_TXT/about/who.txt
ieunxss-HTML_PHP_TXT/ieunxss-web/0.html
ieunxss-HTML_PHP_TXT/ieunxss-web/1.php
ieunxss-HTML_PHP_TXT/readme.txt]

ieunxss-HTML_PHP_TXT/ieunxss-web/1.php (the one entry legible in the archive dump):

<?php

echo $_GET["a"];

?>

Copyright 2010, SecurityFocus