Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <!--
- _ _ _ _
- | | | | | | |
- | |__ ___ _ _ ___ _ __ __| | |_ _ __ _ _ ___| |_
- | '_ \ / _ \ | | |/ _ \| '_ \ / _` | __| '__| | | / __| __|
- | |_) | __/ |_| | (_) | | | | (_| | |_| | | |_| \__ \ |_
- |_.__/ \___|\__, |\___/|_| |_|\__,_|\__|_| \__,_|___/\__|
- __/ |
- |___/
- [regex smash]
- copypasted fuzzer that found MS15-053 - CVE-2015-1686
- i pity the fool that dont enable gflags
- -BF
- -->
- <HTML>
- <head>
- <meta http-equiv="x-ua-compatible" content="IE=10">
- </head>
- <body >
- <script type="text/vbscript">
- On Error Resume Next
- function RandomString()
- Randomize()
- dim CharacterSetArray
- CharacterSetArray = Array(_
- Array(20, "abcdefghijklmnopqrstuvwxyz0123456789{}[]()+\\^$@?.,-"), _
- Array(1, "{}[]()+\\^$@?.,-") _
- )
- dim i
- dim j
- dim Count
- dim Chars
- dim Index
- dim Temp
- dim min, max
- min = 1
- max = 50
- for i = 0 to UBound(CharacterSetArray)
- Count = CharacterSetArray(i)(0)
- Chars = CharacterSetArray(i)(1)
- for j = 1 to Int((max-min+1)*Rnd+min)
- Index = Int(Rnd() * Len(Chars)) + 1
- Temp = Temp & Mid(Chars, Index, 1)
- next
- next
- dim TempCopy
- do until Len(Temp) = 0
- Index = Int(Rnd() * Len(Temp)) + 1
- TempCopy = TempCopy & Mid(Temp, Index, 1)
- Temp = Mid(Temp, 1, Index - 1) & Mid(Temp, Index + 1)
- loop
- RandomString = TempCopy
- end function
- Dim regEx, Match, Matches, s, cnt, outstr1, outstr2
- cnt = 10000
- While cnt > 0
- cnt = cnt - 1
- patrn = "bobbob" & RandomString()
- strng = "babbab" & RandomString()
- document.write("Pat - " & patrn)
- document.write("<br>")
- document.write("Strng - " & strng)
- document.write("<br>")
- Set regEx = New RegExp
- regEx.Pattern = patrn
- regEx.IgnoreCase = True
- regEx.Global = True
- Set Matches = regEx.Execute(strng)
- s = ""
- For Each Match in Matches
- s = s & "Match found at position "
- s = s & Match.FirstIndex & ". "
- s = s & "Match Value is '"
- s = s & Match.Value & "'."
- s = s & vbCRLF
- Next
- Wend
- </script>
- </body>
- </HTML>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement