Vulnerability Development mailing list archives
RE: Object Data IE Exploit
From: "Dom De Vitto" <dom () DeVitto com>
Date: Sat, 27 Sep 2003 20:19:49 +0100
I believe that Apache supports 'meta' files that allow you to specify the exact headers used for delivered files. Dom - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Dom De Vitto Tel. 07855 805 271 http://www.devitto.com mailto:dom () devitto com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -----Original Message----- From: Pedro Jota Calvorota [mailto:calvorota () ya com] Sent: Saturday, September 27, 2003 11:40 AM To: vuln-dev () securityfocus com Subject: Object Data IE Exploit Im triying to reproduce the object data exploit in IE discovered in august by eeye in my own machine, I get to do it adding this in the first line of the exploit file (cmd.php): <?php header("Content-type: application/hta"); ?> and, as you know, calling the file like this: <html> <object style="display:none" data="cmd.php"> </object> </html> My question is: Is there another way to modify the content-type header? I know there are some examples where the files are not php files. Is this way that I "invented" to reprododce the exploit perfecly valid? Thanks. -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
Current thread:
- Object Data IE Exploit Pedro Jota Calvorota (Sep 27)
- RE: Object Data IE Exploit Dom De Vitto (Sep 29)