Metasploit mailing list archives
ie_unsafe_scripting
From: spinbad <spinbad.security () googlemail com>
Date: Fri, 23 Oct 2009 21:31:06 +0200
Hi Attached you find a exploit module which can be used if a administrator set the IE security zone setting "Initialize and script ActiveX controls not marked as safe" to "enable". The default setting is "disabled", but I had two cases where it was enabled for the intranet zone in a large network, making it a perfect attack vector for internal pentests. Hope you like it. Would be cool if someone buts it into the SVN. spinbad
Attachment:
ie_unsafe_scripting.rb
Description:
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- ie_unsafe_scripting spinbad (Oct 23)
- Re: ie_unsafe_scripting egypt (Oct 25)