ISSUE #1 POC

Proof of Concept:
=================
The vulnerability can be exploited by remote attackers with a low-privileged application user account and with low or medium required user interaction. For demonstration or reproduce ...

Skype Support Network Subscription: 1 Update: Subject: Skype is Hacked ! Win32.Trojan.Agent.Gen is sneaking through the accounts
Subject: Skype Support Network Subscription: 1 Update: Subject: Skype is Hacked ! Win32.Trojan.Agent.Gen is sneaking through the accounts
From: Community Mailer
Date: 06.10.2012 16:04
To: rm01x

Skype Support Network Subscription: 1 Update: Subject: Skype is Hacked ! Win32.Trojan.Agent.Gen is sneaking through the accounts


--------------------------------------------------------------------------------------------------------------

Issue #2 POC

Proof of Concept:
=================
The vulnerability can be exploited by remote attackers with low or medium required user interaction and with a Skype application service user account. For demonstration or reproduce ...

Send to Friends:
http://community.skype.com/t5/notifications/notifymoderatorpage/message-uid/1062818
http://community.skype.com/t5/notifications/emailmessagepage/board-id/de_computer_windows/message-id/6304

Problem Reporter:
http://community.skype.com/t5/notifications/notifymoderatorpage/message-uid/1075268

Support:
https://support.skype.com/de/support_request_form?needsLogin=true&topic=6270000000026383241&problem=6270000000028975692

PoC: Invitation to visit Skype Support Network
Subject: Invitation to visit Skype Support Network
From: rm01x
Date: Tue, 25 Sep 2012 15:32:34 -0700 (PDT)
To: 01x445 <01x445@gmail.com>

Invitation to visit Skype Support Network

rm01x (admin@vulnerability-lab.com) at Skype Support Network finds it fascinating, helpful, interesting, useful, provocative, thought-provoking, or simply cool. We hope you will visit Skype Support Network and see it with your own eyes.

http://community.skype.com/skypec/board/message?board.id=de_computer_windows&message.id=6304#M6304

rm01x says:

>"<[PERSISTENT INJECTED MALICIOUS SCRIPT CODE!]/">

Note: The attacker can send the code via Send to Friends to hijack customer accounts, or via Problem Reporter to a moderator or administrator of the Skype community. The script code is executed directly out of the unsanitized message body of the mail. The vulnerability also exists in the Skype main server when requesting via the automatic help or contact forms. The outgoing mail with the malicious script code as values can be sent to users/customers or to the moderator/administrator.
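
The root cause described in the note, shown from the fixing side as an added example (not part of the advisory and not Skype or community-platform code): a notification-mail renderer that inserts user-supplied fields raw, beside a version that HTML-escapes every field before it reaches the mail body. The template, the function names and the community.example URL are assumptions constructed for illustration.

```python
import html
from email.message import EmailMessage

# Constructed template modelled on the "send to friends" invitation mail.
TEMPLATE = (
    "<html><body><h3>Invitation to visit {board}</h3>"
    "<p>{sender} says:</p><blockquote>{comment}</blockquote>"
    '<p><a href="{link}">{link}</a></p></body></html>'
)

def render_unsafe(fields):
    """'Before' form: user-controlled values go into the HTML body as-is."""
    return TEMPLATE.format(**fields)

def render_safe(fields):
    """Hardened form: every field is HTML-escaped (quotes included) first."""
    return TEMPLATE.format(**{k: html.escape(v, quote=True) for k, v in fields.items()})

def build_mail(fields, to_addr):
    """Multipart mail: plain-text part plus the escaped HTML alternative."""
    msg = EmailMessage()
    # Header values must not carry CR/LF; collapse whitespace in the board name.
    msg["Subject"] = "Invitation to visit " + " ".join(fields["board"].split())
    msg["To"] = to_addr
    msg.set_content(f'{fields["sender"]} says:\n\n{fields["comment"]}\n\n{fields["link"]}\n')
    msg.add_alternative(render_safe(fields), subtype="html")
    return msg

def html_part(msg):
    """Return the decoded HTML alternative of a mail built by build_mail."""
    return msg.get_body(preferencelist=("html",)).get_content()

# Constructed sample input; the comment is the advisory's own placeholder string.
SAMPLE = {
    "board": "Skype Support Network",
    "sender": "rm01x",
    "comment": '>"<[PERSISTENT INJECTED MALICIOUS SCRIPT CODE!]/">',
    "link": "http://community.example/board/message?id=1&view=full",
}

if __name__ == "__main__":
    print(render_unsafe(SAMPLE))   # markup characters survive into the body
    print(html_part(build_mail(SAMPLE, "user@example.org")))  # rendered as text
```

Escaping has to happen at the point where the mail body is assembled, because the same stored value feeds the forum page, the "send to friends" mail and the moderator report.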