Hello Julius,

after our team read your messages this morning, I want to respond briefly with some facts.

It was a file object code execution; using it as an HTML injection was only one attack vector, and you have chosen the smallest. Your view on the issue is too restricted to also see the other exploitation vectors, because you do not want to grant the researcher the disclosure of the awesome vulnerability. A command injection (file|path) in the main menu with the ability to load more USB content, a file object code execution with effect on the core menu, a persistent script code injection (which you called useless).

In your first response you said it is bullshit; the second time you answered with "i reproduced ... and it was only a html inject". When you are able to repro, load via a command inject the .sfo as a file with the follow-up code to execute from the main context menu, like Benjamin did. In his test he prepared a USB to load, with the first char-by-char inject, the second file code through the filter for an execution.

Sony Japan was informed about the 7 discovered issues by the German PS3 community team (MUC).

Pictures:
http://www.bilderload.com/bild/309728/cfu33780QKQ.png
http://imageshack.us/photo/my-images/708/cfu337.png/

In the submission, Benjamin provided, along with the firmware issue, a password reset session vulnerability in the PSN network, but also different minor priority issues.

http://www.vulnerability-lab.com/get_content.php?id=740

bye > spyro_dmK

--
VULNERABILITY RESEARCH LABORATORY
LABORATORY RESEARCH TEAM
CONTACT: [email protected]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
