simply wow......


Fubarian
March 1st, 2002, 03:20 PM
Requirements -- IE5 or 6

Ok java script people, this one's fer you. And sys admins, yer gonna s%#$. Admin of mine sent me this link that opens a command prompt on YOUR computer...no s@#$, no kidding, it'll outrightly open it on yer computer...which is NOT cool. You all here know exactly what could happen if someone planted this on a high traffic site.

Time to see how good we are.

http://www.liquidwd.freeserve.co.uk/

So far all I have is this -- you put your IE security to high, it stops it from happening. That's all I know. Please post what you can find.

MacGyver
March 1st, 2002, 03:28 PM
didn't happen on my computer, I'm running IE5.5SP1 on Win95 and it didn't matter if I was using Webwasher or not.

ilovetheusers
March 1st, 2002, 03:29 PM
Don't work on winderz 9.x. I'll let you know when I get home and let my roomie see it.

Gotta love this stuff.

Fubarian
March 1st, 2002, 03:39 PM
if ya read the page it's fer 2k/xp -- forgot to add that

Gameguru
March 1st, 2002, 04:57 PM
Spooky....opened right up on my XP Pro(2600). I am not positive that they could get any malicious code in the way they are opening the window. I will say this....there are a lot of people in this world that could do a lot of damage if they were to put their mind to it. :eek:

Kaelon
March 1st, 2002, 07:49 PM
deltree c:\windows\*.*
:D :D hehe I wonder if that would be possible off of this little bug?
-Kaelon

Poseidon
March 2nd, 2002, 02:00 AM
Okay, rebooted to Win2K / IE 5.5 environment. Nothing happened

What is this vulnerability, and do I need to change any settings at the office?
:confused:

Chris_MacMahon
March 2nd, 2002, 08:51 AM
xp pro (2600), all fixes and patches, zonealarm, and norton both failed here....
this will be fun....

vilagefool
March 2nd, 2002, 10:08 AM
I am running XP pro (2600) and it did not work on my machine. It took me awhile to figure out why, but when I looked at the code for the script it was trying to open cmd.exe on my c: drive. I am running XP off of my D: drive (thus why it did not work). But I did download the page and switched the reference to d:\... and it did work! Just thought I would throw my 2 cents worth :D

ilovetheusers
March 2nd, 2002, 07:29 PM
I just spoke to my roomie and apparently there are about 5 other ways to do this and you always have been able to do so. Apparently Active X and VB do it as well - though they have some setting controls built into the browser that supposedly safeguard you somewhat.

Draggar
March 3rd, 2002, 12:38 PM
IE 4.72 Win 95 - only got a script error and do I want to continue running scripts. I said yes, and nothing happened.

I am behind some sort of firewall, but I do have full internet access...

Ahcoraj
March 3rd, 2002, 01:15 PM
I saw one somewhere that brought up a windows explorer that allowed you to browse your own hard drive. Scary......

myramp
March 3rd, 2002, 04:09 PM
My virus scanner (Trend Micro PC-cillin 2000) caught it but it still opened the cmd prompt. You could disable this by turning off javascript in IE security.

ilovetheusers
March 3rd, 2002, 08:41 PM
[quote]Originally posted by Ahcoraj:
I saw one somewhere that brought up a windows explorer that allowed you to browse your own hard drive. Scary......[/quote]

It has always been like this so that you could run a web site from your HDD if need be. Here is the script. It is non harmful.

<html>
<head>
</head>
<body bgcolor="#FFFFFF">
<p></p>
<p><iframe src="C:\" width="500" height="450">
<br>
</iframe></p>
</body>
</html>

Russ192
March 4th, 2002, 06:24 AM
It's nice, hey, I would not be concerned! It's one of many vulnerabilities of this type; the scripting can just launch arbitrary commands locally, like cmd or control panel. It is just local so unless you do something no harm comes of it. Take a read of http://jscript.dk/unpatched/ for more info

Russ

LagMonster
March 4th, 2002, 08:54 AM
[quote]Originally posted by Kaelon:
deltree c:\windows\*.*
:D :D hehe I wonder if that would be possible off of this little bug?
-Kaelon[/quote]

I am sure you can add command line parameters to this making it a security hazard. This is something to watch out for if your clients or coworkers are surfing on sites that you don't know of.

Fubarian
March 4th, 2002, 06:35 PM
I got a follow up email on the issue and they said "over 25,000 of you clicked the link" ...hehe, wonder how many of those were us? :D

Russ192
March 5th, 2002, 01:42 PM
[quote]Originally posted by LagMonster:
I am sure you can add command line parameters to this making it a security hazard. This is something to watch out for if your clients or coworkers are surfing on sites that you don't know of.[/quote]

You can not pass parameters. So no deltree is not possible.
All this bug has the ability to do is run a .exe on the client system, that exe file must be present locally. It's not as huge as this post has been making out. Disable scripting to protect against it for now.

http://www.securityfocus.com
http://jscript.dk/unpatched/

Russ
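
A defensive check for the behaviour described in this thread, as an added example that is not part of any poster's message: it scans HTML fetched from a remote site (for instance at a filtering proxy) and flags any attribute that points at the viewer's own disk, rating references to runnable files highest. The function names, the severity labels and the sample page, including the made-up x-sample tag, are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# A drive-letter path (C:\ or C:/) or a file: URL refers to the viewer's own disk.
LOCAL_PATH = re.compile(r"^\s*(?:file:|[a-z]:[\\/])", re.IGNORECASE)
# Extensions Windows treats as directly runnable.
RUNNABLE = re.compile(r"\.(?:exe|com|bat|cmd|scr|pif)\s*$", re.IGNORECASE)


class LocalRefScanner(HTMLParser):
    """Records every tag attribute whose value is a local filesystem path."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and LOCAL_PATH.match(value):
                # A local path to a runnable file is the case this thread is about.
                severity = "high" if RUNNABLE.search(value) else "review"
                self.findings.append((severity, tag, name, value.strip()))


def scan_remote_page(html_text):
    """Return (severity, tag, attribute, value) tuples for a remotely served page."""
    scanner = LocalRefScanner()
    scanner.feed(html_text)
    scanner.close()
    return scanner.findings


# Constructed sample page: the iframe is the one posted in this thread; the
# x-sample tag is a hypothetical stand-in for markup that names a local program.
SAMPLE_PAGE = r'''<html><body>
<iframe src="C:\" width="500" height="450"></iframe>
<a href="http://example.com/page.html">ordinary link</a>
<x-sample ref="D:\WINDOWS\system32\cmd.exe"></x-sample>
</body></html>'''

if __name__ == "__main__":
    for finding in scan_remote_page(SAMPLE_PAGE):
        print(finding)
```

Matching on the drive-letter pattern rather than a fixed C:\ prefix keeps the check effective for installs on other drives, the case vilagefool describes above.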

AKautz
March 5th, 2002, 09:48 PM
Thanks to ActiveWin (www.activewin.com), I found out about an article at The Register which says the Internet Explorer (IE) "bug" is an old "data binding" feature which had its origin with IE 4 and has been continued in all subsequent versions of IE. Also, disabling active scripting and/or Active X will not prevent the problem, although there is a registry mod that can prevent it. The URL for the article is:
http://www.theregister.co.uk/content/4/24274.html

A bit of HTML code that is posted in The Register article mentioned above, will cause IE to run the Windows Calculator app.

For "newbies," simply copy and paste the code into Windows Notepad (for some versions of Windows, remove the "system32" folder from the pathname in the code), save it to your Windows Desktop with an "html" extension instead of a "txt" extension, and then either double click on the newly saved file on the Desktop (if IE is your default browser) or open the file manually from within IE (File > Open...) to execute it. It appears that one can run any app (such as a DOS window) on their PC simply by specifying (and saving) the correct path in the code above and opening the file in IE.

So since the HTML code is able to execute a program, isn't there a way that it could be modified to execute a command from the command prompt?

Inquiringly,
Adam Kautz

Antimatter
March 7th, 2002, 05:28 PM
This page can not be displayed.
Win2k SP2, IE 5.01 SP2. Java set to high safety. ActiveX and scripting all set to prompt before running.

EvilCabbage
March 8th, 2002, 05:02 AM
Another day, another Active X / MS / Java exploit.


*sigh* ..

Alwayslearining
March 8th, 2002, 05:48 AM
well this link actually logs you off

www.krypton3d.com/xp

Poseidon
March 8th, 2002, 01:40 PM
[quote]Originally posted by Alwayslearining:
well this link actually logs you off

www.krypton3d.com/xp[/quote]

The above is caught by most Antivirus platforms:

JS_CIDEXPLOIT.B: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=JS_CIDEXPLOIT.B&VSect=T

Russ192
March 9th, 2002, 05:03 AM
[quote]Originally posted by Alwayslearining:
well this link actually logs you off

www.krypton3d.com/xp[/quote]

Now that is clever. Same exploit just executing a different application to log you off. Only works if you installed windows to the default directory mind.

I understand that such commands can now be executed without scripting or ActiveX enabled. I'm looking for an example exploit. The Anti-Virus companies are moving in to save the day but I think it's time to patch this one, Microsoft!

Quiet Thunder
March 13th, 2002, 12:31 PM
Already patched. Check here to read more: http://www.download.windowsupdate.com/msdownload/update/v3/static/RTF/en/5226.htm

AKautz
March 13th, 2002, 01:32 PM
Thanks for keeping us updated QT, but upon reading more info ("Technical Details") about the patch at:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-009.asp

I found out that the patch fixes a flaw that did not involve the ability to execute files, so it does not appear to be a solution to the problem being discussed.

Adam

TrackMan
March 13th, 2002, 08:23 PM
The page wouldn't even load. Oh well, sounds pretty neat-o. :p

Damn Microsoft and their crappy software :mad:

Ahcoraj
March 13th, 2002, 08:26 PM
Funny, my PC-cillin at one office catches it, but the Norton Corporate at the other office doesn't

vilagefool
March 14th, 2002, 10:19 PM
This may be a little late but, here is a link I got from PC-cillin, the online virus scan: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=JS_CIDEXPLOIT.B