Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

The control performs the following actions:
• Uses a Visual Basic script to access the user's local file system and create a file of an attacker's choice.
• Invokes the Shell.Explorer Class ID, which opens a web browser in control of the attacker.
The code for ActiveX.stream is as follows:


ActiveX.stream


ActiveX.stream



CLASSID="CLSID:8856F961-340A-11D0-A96B-00C04FD705A2">




To show how an attacker might abuse ActiveX controls for his own advantage, let's
walk through ActiveX.stream.
Make sure you install the ActiveX control on a lab machine and not on a corporate laptop or production
server. This control will download code that could be harmful to your system.
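
The two behaviours listed above can be flagged statically when reviewing pages or proxy captures. The following is an added example, not code from the book: it scans HTML for OBJECT tags that instantiate a CLSID (labelling the one quoted above) and for VBScript blocks that reference file-system objects. The marker strings, the name `audit_html` and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# CLSID from the page's OBJECT tag (the Shell.Explorer class the text names).
WATCHED_CLSIDS = {"8856F961-340A-11D0-A96B-00C04FD705A2": "Shell.Explorer"}
# Assumption: substrings typical of VBScript file-system access; not from the page.
FS_MARKERS = ("scripting.filesystemobject", "createtextfile")
# Constructed sample markup for the demo; not the book's ActiveX.stream listing.
SAMPLE = """<html><body>
<object id="wb" classid="CLSID:8856F961-340A-11D0-A96B-00C04FD705A2"></object>
<script language="VBScript">
Set fso = CreateObject("Scripting.FileSystemObject")
</script>
<script type="text/javascript">var note = "createtextfile";</script>
</body></html>"""

class ActiveXAudit(HTMLParser):
    """Records OBJECT tags that instantiate a CLSID and VBScript touching files."""
    def __init__(self):
        super().__init__()
        self.findings = []          # (kind, line, detail)
        self._in_vbscript = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object":
            classid = a.get("classid", "").strip().upper()
            if classid.startswith("CLSID:"):
                clsid = classid[6:].strip("{} ")   # tolerate the {GUID} form
                label = WATCHED_CLSIDS.get(clsid, "unlisted control")
                self.findings.append(("object", self.getpos()[0], f"{clsid} ({label})"))
        elif tag == "script":
            lang = (a.get("language", "") + " " + a.get("type", "")).lower()
            self._in_vbscript = "vbs" in lang      # VBScript, VBS, text/vbscript

    def handle_endtag(self, tag):
        self._in_vbscript = self._in_vbscript and tag != "script"

    def handle_data(self, data):
        if self._in_vbscript:                      # ignore text outside VBScript
            hits = [m for m in FS_MARKERS if m in data.lower()]
            self.findings += [("vbscript", self.getpos()[0], m) for m in hits]

def audit_html(html):
    parser = ActiveXAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    print(*audit_html(SAMPLE), sep="\n")
```

The JavaScript block in the sample contains one of the marker strings but is not reported, because markers are only matched inside VBScript blocks.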

