[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200309152319.h8FNJJop084958@mailserver3.hushmail.com>
From: titus at hush.com (titus@...h.com)
Subject: IE Object Type Validation Vulnerability Exploit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Download makevbs from the following URL http://rattlesnake.at.box.sk/newsread.php?newsid=7.
You can use it to create a VBS script to upload and execute any file
you want.
- -titus
- ----- Original Message -----
From: n30
To: phlox ; full-disclosure@...ts.netsys.com
Sent: Monday, September 15, 2003 6:37 PM
Subject: Re: [Full-Disclosure] IE Object Type Validation Vulnerability
Exploit
Thanks a lot guys for your reply...The things work like a charm..
I am now trying to understand the content of .php so that i can execute
nc.exe instead of mal_ware.exe. Also is it possible to execute nc.exe
from http://somewhere instaed of from local system?
Any help/link/pointers greatly apprciated
Thanks
- -N
- ----- Original Message -----
From: phlox
To: full-disclosure@...ts.netsys.com
Sent: Monday, September 15, 2003 1:43 PM
Subject: Re: [Full-Disclosure] IE Object Type Validation Vulnerability
Exploit
page.php > page.hta
look at page.hta attachment?
- -phlox
- ----- Original Message -----
From: n30
To: full-disclosure@...ts.netsys.com
Sent: Monday, September 15, 2003 12:46 PM
Subject: [Full-Disclosure] IE Object Type Validation Vulnerability Exploit
Guys,
Any body knows of any exploit for the Object type vuln
Eeye has a POC http://archives.neohapsis.com/archives/vulnwatch/2003-
q3/0084.html
But I need something more firm for demonstartion.
Any links/pointers apprciated
Thanks in advance
- -N
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3
wkYEARECAAYFAj9mSQ4ACgkQlM5X+CwKCzEiCgCgtOZko/6P7bwfcxgSZxIoB07m6NUA
n2MZO5adNOj2RYbii2084yWYlEKE
=Hy/5
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists