jelmer wrote:
just looked at it, the authors messed up, so no it shouldn't work, it doesn't work here
they didn't get that error.jsp is a Java Server Page (something roughly equivalent to ASP and PHP) that sets the response code to something that triggers the res file to be loaded
The exploit worked fine here on an XP Home machine with all patches and the latest version of I.E. I changed the executable that ran to ipconfig.exe so I knew what would be running on my computer. I could see the window open, saw the output of ipconfig.exe flash by, and the wmplayer.exe file was replaced by the contents of ipconfig.exe.
If the IE configuration was changed to disallow opening content in the media bar, then the error.jsp page was called, which resulted in a 404. I cannot say for certain that ipconfig.exe did not run but I didn't see it and the wmplayer.exe file was unchanged. Similar results were seen logging in as a non-administrator user account.
The I.E. configuration change is shown here: http://www.jmu.edu/computing/security/info/iebug.shtml
I am not familiar enough with the exploit mechanisms to determine how effective this is but I suspect not very except against the script kiddies that will cut and paste the posted exploit.
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html