
finding the registered URL protocols

/****************************************************************************************
URIFind is a small tool that lists all of the URL protocols registered on your system.
It is useful when reviewing URL protocol handlers for security vulnerabilities; remember
the recent Firefox "FirefoxURL" command injection vulnerability? :)

Example usage:

URIFind.exe > output.txt

The output file may look like this:

[callto]
rundll32.exe msconf.dll,CallToProtocolHandler %l

[file]

[FirefoxURL]
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1"

[ftp]
"C:\Program Files\Internet Explorer\iexplore.exe" %1

...

Find 21 URL Protocols

by cocoruder(frankruder_at_hotmail.com), 2007.09
****************************************************************************************/

#include <windows.h>
#include <stdio.h>

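/*
 * Enumerate the subkeys of HKEY_CLASSES_ROOT and, for every subkey that
 * carries a "URL Protocol" value, print the key name followed by the default
 * value of its shell\open\command subkey (the handler command line).
 *
 * Output per protocol on stdout: "[name]\n<command>\n\n", then a final count.
 * A protocol whose command key is missing is still listed, with an empty
 * command line. A command that exists but cannot be read is reported on
 * stderr so that it is not silently dropped from a review.
 *
 * The explicit ...A registry functions are used because every buffer and
 * string literal in this program is a narrow (char) string.
 *
 * Returns 0 on success, 1 if HKEY_CLASSES_ROOT cannot be opened or queried.
 */
int main(void)
{
    static const char szCmdSuffix[] = "\\shell\\open\\command";
    HKEY hKey = NULL;
    DWORD cSubKeys = 0;
    DWORD dwAllProtocols = 0;

    if (RegOpenKeyExA(HKEY_CLASSES_ROOT, "", 0, KEY_READ, &hKey) != ERROR_SUCCESS) {
        fprintf(stderr, "cannot open HKEY_CLASSES_ROOT\n");
        return 1;
    }

    /* Only the number of subkeys is needed; every other output is skipped. */
    if (RegQueryInfoKeyA(hKey, NULL, NULL, NULL, &cSubKeys, NULL, NULL,
                         NULL, NULL, NULL, NULL, NULL) != ERROR_SUCCESS) {
        fprintf(stderr, "cannot query HKEY_CLASSES_ROOT\n");
        RegCloseKey(hKey);
        return 1;
    }

    for (DWORD j = 0; j < cSubKeys; j++) {
        char achKey[MAX_PATH];
        /* Large enough for any enumerated name plus the suffix and NUL. */
        char szCmdKey[MAX_PATH + sizeof szCmdSuffix];
        char szRecvCmdData[1024];
        DWORD cbName = sizeof achKey;
        HKEY hKeyQ = NULL;
        HKEY hKeyCmd = NULL;
        long status;
        int n;

        achKey[0] = '\0';
        if (RegEnumKeyExA(hKey, j, achKey, &cbName, NULL, NULL, NULL, NULL) != ERROR_SUCCESS
            || achKey[0] == '\0') {
            continue;
        }

        if (RegOpenKeyExA(HKEY_CLASSES_ROOT, achKey, 0, KEY_QUERY_VALUE, &hKeyQ) != ERROR_SUCCESS) {
            continue;
        }

        /* Only the presence of the value matters, so no data buffer is passed;
         * this also avoids missing a protocol whose value data is long. */
        status = RegQueryValueExA(hKeyQ, "URL Protocol", NULL, NULL, NULL, NULL);
        RegCloseKey(hKeyQ);
        if (status != ERROR_SUCCESS) {
            continue;
        }

        /* Key names come from the registry (HKEY_CLASSES_ROOT includes
         * per-user class registrations), so the path is built with a bounded
         * format and a truncation check rather than an unchecked sprintf. */
        szRecvCmdData[0] = '\0';
        n = snprintf(szCmdKey, sizeof szCmdKey, "%s%s", achKey, szCmdSuffix);
        if (n > 0 && (size_t)n < sizeof szCmdKey
            && RegOpenKeyExA(HKEY_CLASSES_ROOT, szCmdKey, 0, KEY_QUERY_VALUE, &hKeyCmd) == ERROR_SUCCESS) {
            /* Reserve one byte: registry string data is not guaranteed to be
             * NUL-terminated. */
            DWORD cbRecvCmdData = sizeof szRecvCmdData - 1;

            status = RegQueryValueExA(hKeyCmd, NULL, NULL, NULL,
                                      (unsigned char *)szRecvCmdData, &cbRecvCmdData);
            if (status == ERROR_SUCCESS) {
                szRecvCmdData[cbRecvCmdData] = '\0';
            } else {
                /* Buffer contents are unspecified after a failed query. */
                szRecvCmdData[0] = '\0';
                fprintf(stderr, "warning: command for [%s] could not be read (status %ld)\n",
                        achKey, status);
            }
            RegCloseKey(hKeyCmd);
        }

        printf("[%s]\n%s\n\n", achKey, szRecvCmdData);
        dwAllProtocols++;
    }

    RegCloseKey(hKey);

    printf("\nFind %lu URL Protocols", (unsigned long)dwAllProtocols);
    return 0;
}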