[Full-disclosure] Re: Re: Fedex Kinkos Smart Card AuthenticationBypass
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Re: Re: Fedex Kinkos Smart Card AuthenticationBypass
- From: "Dave Korn" <davek_throwaway@xxxxxxxxxxx>
- Date: Thu, 2 Mar 2006 13:26:07 -0000
Lance James wrote:
> Dude VanWinkle wrote:
>> On 2/28/06, Lance James <bugtraq@xxxxxxxxxxxxxxxxx> wrote:
>>>
>>> Our response:
>>>
>>> http://ip.securescience.net/exploits/P1010029.JPG
>>>
>>
>> lol, now that's a funny picture!
>>
>> So am I to assume that normally you can go beyond 31337 on a Kinko's
>> card and this is a modding of the original to produce the displayed
>> picture?
>>
>>
>
> The max is $100.00

Given this bit...

> card as an ExpressPay stored-value card. Bytes 0x20 through 0x27
> contain the value stored on the card, represented in IEEE 754
> double-precision floating point format. Bytes 0x60 through 0x6A

... was there anything to have stopped you loading the card with ... say
... $1.7976E+308 ?

:P LOL, using an fp double to store an amount of currency. Hmm, maybe
it's not the range, but the precision they want. Maybe it's not that
they're expecting Bill Gates to use their cards after all. Maybe they're
expecting people to load them up with units of femtocents?

cheers,
DaveK
--
Can't think of a witty .sigline today....
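
An added example, not part of the original message and not the vendor's code: a reader-side sanity check for the value field the quoted advisory places at bytes 0x20 through 0x27, showing what a double lets through unless it is explicitly rejected. The little-endian byte order, the 0x70-byte zero-filled card image and the function names are assumptions made for illustration.

```python
import math
import struct

VALUE_OFFSET = 0x20         # from the quoted advisory: bytes 0x20..0x27 hold the value
VALUE_LEN = 8               # IEEE 754 double precision
MAX_BALANCE_CENTS = 10_000  # from the thread: "The max is $100.00"
BYTE_ORDER = "<"            # ASSUMPTION: little-endian; the page does not state it


def read_balance_cents(card: bytes) -> int:
    """Return the stored balance in whole cents, or raise ValueError."""
    if len(card) < VALUE_OFFSET + VALUE_LEN:
        raise ValueError("card image too short")
    field = card[VALUE_OFFSET:VALUE_OFFSET + VALUE_LEN]
    (raw,) = struct.unpack(BYTE_ORDER + "d", field)

    # A double can encode NaN and +/-inf; neither is an amount of money.
    if not math.isfinite(raw):
        raise ValueError("non-finite balance")
    # Range check before any arithmetic, so 1.7976E+308 never reaches round().
    if raw < 0 or raw > MAX_BALANCE_CENTS / 100:
        raise ValueError("balance out of range")

    cents = round(raw * 100)
    # Canonical form: the field must be bit-identical to the double nearest a
    # whole-cent amount. This rejects sub-cent values, accumulated
    # floating-point drift, and negative zero.
    if struct.pack(BYTE_ORDER + "d", cents / 100) != field:
        raise ValueError("balance is not a whole number of cents")
    return cents


def make_card(value: float) -> bytes:
    """Constructed sample input: zero-filled image with only the value field set."""
    return (bytes(VALUE_OFFSET)
            + struct.pack(BYTE_ORDER + "d", value)
            + bytes(0x70 - VALUE_OFFSET - VALUE_LEN))


if __name__ == "__main__":
    for v in (12.34, 100.0, 100.01, 1.7976e308, float("nan"), 0.001, 0.1 + 0.2):
        try:
            print(repr(v), "->", read_balance_cents(make_card(v)), "cents")
        except ValueError as exc:
            print(repr(v), "-> rejected:", exc)
```

Storing the balance as an integer count of cents removes every one of these cases except the range check.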