RE: Object Data IE Exploit

From: Dom De Vitto (dom_at_DeVitto.com)
Date: 09/27/03

Next message: Ganbold: "Re: sample buffer overflow exploit problem"

Previous message: Pedro Jota Calvorota: "Object Data IE Exploit"
In reply to: Pedro Jota Calvorota: "Object Data IE Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Pedro Jota Calvorota'" <calvorota@ya.com>, <vuln-dev@securityfocus.com>
Date: Sat, 27 Sep 2003 20:19:49 +0100

I believe that Apache supports 'meta' files that allow you to specify
the exact headers used for delivered files.

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto Tel. 07855 805 271
http://www.devitto.com mailto:dom@devitto.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

-----Original Message-----
From: Pedro Jota Calvorota [mailto:calvorota@ya.com]
Sent: Saturday, September 27, 2003 11:40 AM
To: vuln-dev@securityfocus.com
Subject: Object Data IE Exploit

Im triying to reproduce the object data exploit in IE discovered in august
by eeye in my own machine, I get to do it adding this in the first line of
the exploit file (cmd.php):

<?php header("Content-type: application/hta"); ?>

and, as you know, calling the file like this:
<html>
<object style="display:none" data="cmd.php"> </object> </html>

My question is: Is there another way to modify the content-type header? I
know there are some examples where the files are not php files. Is this way
that I "invented" to reprododce the exploit perfecly valid?

Thanks.

--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

Next message: Ganbold: "Re: sample buffer overflow exploit problem"

Previous message: Pedro Jota Calvorota: "Object Data IE Exploit"
In reply to: Pedro Jota Calvorota: "Object Data IE Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]