U148 Archive

Markdown archive served by Next.js

ïw¤ÎBlog

来源: BlogBus 原始链接: http://www.blogbus.com:80/blogbus/blog/diary.php?diaryid=462405 存档链接: https://web.archive.org/web/20041103095240id_/http://www.blogbus.com:80/blogbus/blog/diary.php?diaryid=462405

ïw¤ÎBlog ÃΣ¬·ÉÆðµÄµØ·½ <<<libxml2 Remote buffer overflow Proof of Concept Exploit | Ê×Ò³ | Microsoft Internet Explorer IFRAME Tag Overflow Exploit>>> 2004-10-26 07:35 ²¡¶¾Ãû³Æ£ºTrojan/QQMsg.Axela ²¡¶¾ÀàÐÍ£ºQQβ°Í²¡¶¾ ´«²¥·½Ê½£ºÍøÂç ²¡¶¾´óС£º18K~20K Σº¦µÈ¼¶£º¡ï¡ï¡ï ½üÈÕ£¬½­Ãñ·´²¡¶¾ÖÐÐļà²âµ½£¬ QQβ°ÍľÂí"Ôµ"(Trojan/QQMsg.Axela)ÔÚ×î½üÁ½ÖÜÓÖËÀ»Ò¸´È¼£¬½ÓÁ¬µ®ÉúÁ˶à¸ö±äÖÖ¡£¸Ã²¡¶¾ÔøÔÚ½ñÄê3¡«6Ô·ݸÐȾÁË´óÁ¿¹úÄÚQQÓû§£¬Õâ´Î¸üÊÇÔÚ10ÔÂ22ÈÕÖÁ10ÔÂ24ÈÕÖÜÄ©ÈýÌìÖÐÒ»ÏÂÍƳö12¸öбäÖÖ£¬ÔÙ´ÎÔì³É´óÃæ»ýQQÓû§ÖÐÕС£ ÕâЩбäÖÖÀûÓÃKVɱ¶¾Èí¼þ3ÔÂ19ÈÕÒÔºóµÄ²¡¶¾¿â¾ù¿É±¨¸æÒÉËƲ¡¶¾¡£Éý¼¶µ½10ÔÂ25ÈÕ²¡¶¾¿â£¬¼´¿ÉÈ«Ãæ²éɱ¸Ã²¡¶¾¼Ò×åÄ¿Ç°×ܹ²35¸ö±äÖÖ¡£ÏÂÃæÊǼ¼Êõ·ÖÎö±¨¸æ£º

  1. ²¡¶¾»áͨ¹ýQQÁÄÌìÈí¼þ·¢ËÍ°üº¬²¡¶¾ÍøÖ·µÄÏûÏ¢£¬"Ôµ"ľÂí²¡¶¾·¢Ë͵ÄÏûÏ¢£¬×îÃ÷ÏÔµÄÌصãÊÇ»á°üº¬ÏûÏ¢½ÓÊÕÕßµÄQQêdzƣ¬ÕâÒ²ÔöÇ¿ÁËËüµÄÆÛÆ­ÐÔ£¬Çë¹ã´óQQÓû§Ò»¶¨Ð¡ÐÄ¡£Èçͼ£º
  2. ²¡¶¾ÔËÐк󣬽«´´½¨ÏÂÁÐÎļþ£º %SystemDir%\n0tepad.exe, ²¡¶¾±¾Éí %SystemDir%\taskmgr.exe, ²¡¶¾±¾Éí %SystemDir%\windll.dll, 20×Ö½Ú£¬Îı¾Îļþ£¬°üº¬ÎêÈèÐÔÎÄ×Ö %WinDir%\n0tepad.exe, ²¡¶¾±¾Éí
  3. ÔÚ×¢²á±íÖÐÌí¼ÓÏÂÁÐÆô¶¯Ï [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "taskmgr" = %SystemDir%\taskmgr.exe ÕâÑù£¬ÔÚWindowsÆô¶¯Ê±£¬²¡¶¾¾Í¿ÉÒÔ×Ô¶¯Ö´ÐС£
  4. ²¡¶¾Í¨¹ýÐÞ¸ÄÏÂÁÐ×¢²á±í¼üÖµ£¬ÐÞ¸ÄÎļþ¹ØÁª£º [HKEY_CLASSES_ROOT\txtfile\shell\open\command] "" = N0TEPAD.EXE %1 ÕâÑù£¬Óû§´ò¿ªÈκÎtxtÎļþ£¬¶¼»áÔÙ´ÎÔËÐв¡¶¾³ÌÐò¡£ Èç¹ûÄúÔÚQQÉÏÊÕµ½ÁËÓëÉÏÎÄÃèÊöÀàËƵÄÏûÏ¢£¬Ç§Íò²»Òªµã»÷ÏûÏ¢ÖеIJ¡¶¾ÍøÖ·¡£Á¢¼´°ÑKVϵÁÐɱ¶¾Èí¼þ²¡¶¾¿âÉý¼¶µ½10ÔÂ25ÈÕ£¬´ò¿ªÊµÊ±¼à¿Ø£¬±£»¤ÄúµÄϵͳ²»ÊÜÆäÇÖº¦¡£ bamb00 @ 2004-10-26 07:35 ·µ»ØÒ³Ê× | ÆÀÂÛ | ÒýÓÃ(0) | ±à¼­ ÆÀÂÛ ·¢±íÆÀÂÛ ×îÐÂÎÄÕ Microsoft Internet Explorer IFRAME Tag Overflow Exploit µ±Å®ÈË¿ªÊ¼Ïû·ÑÄÐÉ« Bagle.BCбäÖÖѸËÙÂûÑÓ ×¨¼ÒÀ­ÏìºìÉ«¾¯¸æ SQL--DML ¶í·´²¡¶¾×¨¼Ò·¢ÏÖDZÔÚÍþв¸ü´óµÄÈä³æ²¡¶¾±äÖÖ ·´²¡¶¾×¨¼ÒÌáÐÑ£º¼ÙQQ¡°²¡¶¾×¨¼Ò¡±Õæ͵ÃÜÂë Linux Kernel <= 2.6.7 Firewall Logging Rules Remote DoS Exploit Ê×ÀýÖÐÎÄ»ìºÏÐͲ¡¶¾Õ§ÏÖ»¥ÁªÍø Windows 2000ϵͳÖն˷þÎñÆ÷¾Ü¾ø·þÎñ©¶´ UBBThreads phpÔ¶³ÌSQL×¢È멶´