Re: Spyware/adware and Internet Explorer

From: Steven Burn (services_at_it-mate.co.uk)
Date: 02/03/04


Date: Tue, 3 Feb 2004 15:47:49 -0000

Frode <news@mascot.REMOVETOREPLY.dyndns.org> wrote in message
news:3lcv10pbnl515p2s80o5f20abirmqkp1vl@4ax.com...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Steven Burn wrote:
> >There are plenty of examples on places such as;
> >
> >www.planet-source-code.com
>
> A search for exploit in asp/vbscript gives 1 hit. The same goes for
> java/javascript. Where are the examples?
>
> >www.aspfaq.com
>
> A search for the word "exploit" gives 6 hits. None of which are terribly
> relevant. A general google search for "asp exploits" does give some hits,
> most of which seem to concern server, not client, compromise. Rather
> logical given the nature of ASP as far I'm aware of its purpose
> (server-side scripting).
>
> >www.javascriptsource.com
>
> Not a single hit on search for the word exploit.
>
> >Along with a ton of others
>
> Anything concrete? None of those sites have obvious sections covering
proof
> of concept for browser-independent exploits.
>
> I was thinking more along the lines of an example of a working exploit
that
> covertly installs a payload. You can google up a bunch of sites with
> examples of working IE exploits to click. None of which I've gotten to do
> anything malicious outside of IE. Just give me one concrete place to go
> find a browser independent exploit I can click and see the effects of.
>
>
> - --
> Frode
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.3
>
> iQA/AwUBQB++CeXlGBWTt1afEQJhEwCg3WrN46y7u5XMU6wMbsauy6Vn0FUAoOhJ
> 7QdmTF9hNk7IkjoBgj/3c64B
> =XgwH
> -----END PGP SIGNATURE-----
>

Here's a quick javascript example for you (note: I am not a "seasoned" java
developer, so the following is pseudo code only).

<script language="Javascript">
    window.open(http://www.domain.com/anyfile.doc, "wordWin");
function exec (command)
{
netscape.security.PrivilegeManager.enablePrivilege("UniversalExecAccess");
    return java.lang.Runtime.getRuntime().exec(command);
}
exec ("C:\\...\\anyexe.exe")
</script>

--------
Some light research for you.........

http://www.google.co.uk/search?q=browser+exploit&hl=en&lr=&ie=UTF-8&oe=UTF-8
&start=20&sa=N

Some light reading for you (hope you have a few hours)

http://www.hack3r.com/index.cfm?sec=programming&page=4
http://www.hack3r.com/index.cfm?sec=texts&page=1

The website's I mentioned WILL NOT list them as exploits simply because they
are exploits (I'd have thought that was common knowledge).

--
Regards
Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk
Keeping it FREE!
Disclaimer:
I know I'm probably wrong, I just like taking part ;o)