The button is only there for the protection of the tester. The script could just as easily
run when the page loaded, but introducing the button might save you some trouble
later when you have 50 of these test.html files lying around and accidentally randomly
open the one that calls RebootMachine().
So it appears that this control does very bad things that a safe-for-scripting ActiveX control
should not do. But this is only dangerous for the people who have this control
installed, right? I mean, it??™s not like you can force-install an ActiveX control onto someone??™s
computer just by them browsing to your web page, can you? Yes and no.
Chapter 15: Client-Side Browser Exploits
375
PART IV
Gray Hat Hacking: The Ethical Hacker??™s Handbook
376
Remember from the ???Internet Explorer Security Concepts??? section earlier, we said that an
attacker at evil.com can host the vulnerable safe-for-scripting ActiveX control and trick a
user into accepting it? It looks like this SupportSoft Installer control is widely used for
technical support purposes, and as of March 2007 the vulnerable control is being hosted
on many websites. You can easily find a copy of the vulnerable control by plugging the
filename into your search engine.
Pages:
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680