Thanks Guys, very helpful discussion...
Are their any other similar trojan's around?? Does any one have binary/source code for progent? What i am trying to accomplis is following Using the "NAFfileJPU" vulnerability discovered last week, I can create a malicious web site that will "javascript.alert(document.cookie) for usres. But this is useless, as the information is not transfered to me. I am trying to write a client side script that will do that for me. Any help/suggesstions/pointers appreciated Thanks -N ----- Original Message ----- From: "Pelosi, Stephen:" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 16, 2003 12:24 PM Subject: RE: [Full-Disclosure] IE Object Type Validation Vulnerability Exploit > Symantec AntiVirus detects the output file as containing a trojan > > http://securityresponse.symantec.com/avcenter/venc/data/trojan.progent.html > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Monday, September 15, 2003 4:19 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: [Full-Disclosure] IE Object Type Validation Vulnerability > Exploit > > > > *** PGP Signature Status: unknown > *** Signer: Unknown, Key ID = 0x2C0A0B31 > *** Signed: 9/15/2003 4:19:42 PM > *** Verified: 9/16/2003 12:18:44 PM > *** BEGIN PGP VERIFIED MESSAGE *** > > Download makevbs from the following URL > http://rattlesnake.at.box.sk/newsread.php?newsid=7. > You can use it to create a VBS script to upload and execute any file you > want. > > -titus > > ----- Original Message ----- > From: n30 > To: phlox ; [EMAIL PROTECTED] > Sent: Monday, September 15, 2003 6:37 PM > Subject: Re: [Full-Disclosure] IE Object Type Validation Vulnerability > Exploit > > > Thanks a lot guys for your reply...The things work like a charm.. > > I am now trying to understand the content of .php so that i can execute > nc.exe instead of mal_ware.exe. Also is it possible to execute nc.exe from > http://somewhere instaed of from local system? > > Any help/link/pointers greatly apprciated > > Thanks > -N > ----- Original Message ----- > From: phlox > To: [EMAIL PROTECTED] > Sent: Monday, September 15, 2003 1:43 PM > Subject: Re: [Full-Disclosure] IE Object Type Validation Vulnerability > Exploit > > > page.php > page.hta > look at page.hta attachment? > > > -phlox > > > ----- Original Message ----- > From: n30 > To: [EMAIL PROTECTED] > Sent: Monday, September 15, 2003 12:46 PM > Subject: [Full-Disclosure] IE Object Type Validation Vulnerability Exploit > > > Guys, > > Any body knows of any exploit for the Object type vuln > > Eeye has a POC http://archives.neohapsis.com/archives/vulnwatch/2003- > q3/0084.html > > But I need something more firm for demonstartion. > > Any links/pointers apprciated > > Thanks in advance > -N > > *** END PGP VERIFIED MESSAGE *** > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
