Jump to content
nullbyte

Yahoo Bug ;)

By nullbyte, in Exploituri

Recommended Posts

nullbyte Newbie

nullbyte

Posted
Posted

Buna, recent am luat .bat-ul acela ce scoate reclamele din Yahoo! 8. M-am uitat la cod:


@ECHO OFF
TITLE Remove ads from Yahoo Messenger 8

> %TEMP%.\noYMads.reg ECHO REGEDIT4
>>%TEMP%.\noYMads.reg ECHO.
>>%TEMP%.\noYMads.reg ECHO [HKEY_CURRENT_USER\Software\Yahoo\Pager\YUrl]
>>%TEMP%.\noYMads.reg ECHO "Messenger Ad"="*"
>>%TEMP%.\noYMads.reg ECHO "Webcam Upload Ad"="*"
>>%TEMP%.\noYMads.reg ECHO "Webcam Viewer Ad"="*"
>>%TEMP%.\noYMads.reg ECHO "Webcam Viewer Ad Big"="*"
>>%TEMP%.\noYMads.reg ECHO "Webcam Viewer Ad Medium"="*"
>>%TEMP%.\noYMads.reg ECHO "Change Room Banner"="*"
>>%TEMP%.\noYMads.reg ECHO "Conf Adurl"="*"
>>%TEMP%.\noYMads.reg ECHO "Chat Adurl"="*"
>>%TEMP%.\noYMads.reg ECHO "Y Content"="*"
REGEDIT /S %TEMP%.\noYMads.reg
DEL %TEMP%.\noYMads.reg

ATTRIB -R "%PROGRAMFILES%\Yahoo!\Messenger\Cache\urls.xml"
ECHO "" >"%PROGRAMFILES%\Yahoo!\Messenger\Cache\urls.xml" 
ATTRIB +R "%PROGRAMFILES%\Yahoo!\Messenger\Cache\urls.xml"

M-am gandit: Yahoo navigheaza folosind Iexplorer undeva unde sunt reclamele... deci as putea sa fac messengerul sa se duca unde vreau eu. Salvati urmatorul cod in Notepad cu extensia .bat.


@ECHO OFF
TITLE Yahoo bug by nullbyte.
taskkill /F /IM YahooMessenger.exe
> %TEMP%.\noYMads.reg ECHO REGEDIT4
>>%TEMP%.\noYMads.reg ECHO.
>>%TEMP%.\noYMads.reg ECHO [HKEY_CURRENT_USER\Software\Yahoo\Pager\YUrl]
>>%TEMP%.\noYMads.reg ECHO "Messenger Ad"="http://www.intermoney.co.cc/hey.html"
>>%TEMP%.\noYMads.reg ECHO "Webcam Upload Ad"="http://www.intermoney.co.cc/hey.html"
>>%TEMP%.\noYMads.reg ECHO "Webcam Viewer Ad"="http://www.intermoney.co.cc/hey.html"
>>%TEMP%.\noYMads.reg ECHO "Webcam Viewer Ad Big"="http://www.intermoney.co.cc/hey.html"
>>%TEMP%.\noYMads.reg ECHO "Webcam Viewer Ad Medium"="http://www.intermoney.co.cc/hey.html"
>>%TEMP%.\noYMads.reg ECHO "Change Room Banner"="http://www.intermoney.co.cc/hey.html"
>>%TEMP%.\noYMads.reg ECHO "Conf Adurl"="http://www.intermoney.co.cc/hey.html"
>>%TEMP%.\noYMads.reg ECHO "Chat Adurl"="http://www.intermoney.co.cc/hey.html"
>>%TEMP%.\noYMads.reg ECHO "Y Content"="http://www.intermoney.co.cc/hey.html"
REGEDIT /S %TEMP%.\noYMads.reg
DEL %TEMP%.\noYMads.reg

ATTRIB -R "%PROGRAMFILES%\Yahoo!\Messenger\Cache\urls.xml"
ECHO "" >"%PROGRAMFILES%\Yahoo!\Messenger\Cache\urls.xml" 
ATTRIB +R "%PROGRAMFILES%\Yahoo!\Messenger\Cache\urls.xml"

Fisierul hey.html contine urmatorul cod:

<script>alert('Yahoo bug by nullbyte. nJoy!');</script>

Acum, rulati fisierul .bat creeat de voi de mai sus.

Vi se va inchide messul. Porniti-l si logati-va. Supriza! MessageBox :D

E prezent peste tot unde ar trebui sa fie reclame. Apare o data la 5 minute. Ca sa scapati de el rulati primul script, codul initial.

Have fun.

Link to comment
Share on other sites
Grunt Newbie

Grunt

Posted
Posted

Nu e un bug. Yahoo Messenger chiar foloseste IE (un dll sau ocx... nu am de unde sa stiu asta) sa se conecteze la un site. Adresa site-ului o cauta in registru, dupa cum se vede in cod: HKEY_CURRENT_USER\Software\Yahoo\Pager\YUrl.

Practic, ai modificat site-ul (-urile) din registru, si el s-a conectat la pagina pe care i-ai dat-o acolo.

Link to comment
Share on other sites
CODEX Newbie

CODEX

Posted
Posted

Si tu ca un user cu putine posturi explicale celorlalti care nu si-au dat seama ca nu e un bug ca e un trik dohhh ma

chiar nu avea rost sa postez deoare tot aia sa zis si mai sus ! in loc sa zici tu ca e un trikck nu bug mai bine zi ceva intelgent

Link to comment
Share on other sites
loki Newbie

loki

Posted
Posted

mersi frumos, chiar saptamana asta eram curios de unde ia insiderul. Nu stiu daca ma ajuta cu ceva dar intrebare: visual basic am inteles ca are acces la registri, asa e :twisted: ? apropo are si javascript? :twisted: ... remote cu xss or umblu iar dupa sf-uri?

Link to comment
Share on other sites
loki Newbie

loki

Posted
Posted
js-ul e mult prea slab pentru asta si daca ar avea js-ul acces la registrii cum are vb-ul inseamna ca firefox era de mult varza... in fine ce vruiai sa faci cu js :D

ah bagam un apropo la java. La xss ma intereseaza. "><script language=vbscript>.... mi-e tot una cu java (numa ca vbscript nu bate in mozilla daca nu ma insel. Desi...)

Is perplex la visual basic (mai bag in word cand am nevoie). Dati-mi o comanda sa bag ceva in HKLM/software/microsoft/windows/current version/run daca nu e cu suparare (da ca un apropo, nu schimbam topicul)

Link to comment
Share on other sites
vladiii Newbie

vladiii

Posted
Posted

Daca acela este Internet Explorer_Server... atunci se poate profita de toate vulnerabilitatile IE-ului (cu exceptia celor remote, evident). Nu am incercat, dar codul urmator (salvat in .html si uploadat undeva pe server) ar trebui sa crashuie Y!M:


<style>#page div p:first-child:first-letter{border-bottom: 2px ridge;}</style><div id='page'><div>

[b]a

Marfa !

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...