trung0407 Posted July 4, 2009

You can inject simple code into an AutoIt program. For example:

    Global $var, $var2=5
    $var = InputBox("","")
    ; whatever was typed into the InputBox is evaluated as AutoIt code
    Execute($var)

So at the inputbox, if I type:

    MsgBox(0,"title", $var2)

then type ok, I'll have a msgbox that shows the value of $var2, which is 5. This is a way to hack a program if you know the name of any variables used.

Example 2

    Global $var, $var2=5
    $var = InputBox("","")
    Execute($var)
    MsgBox(0, "",$var2)

Now, normally, at the end, this script will show a msgbox with the value of $var2, which is 5. But if I enter in the inputbox this:

    Assign("var2", 10)

then my final result of $var2 is 10.

Xand3r Posted July 4, 2009

That's so cool ... I had no idea you could pass functions to Execute.

SkellySoul Posted July 4, 2009 (edited)

    #include <String.au3>
    MsgBox(0 , "Hello " & @UserName, "You can inject simple code into an autoit program.")
    $Input = InputBox("0 Rly" , "Test" , "Hello " & @UserName & " Sending Code to be injected!")
    MsgBox(16 , @IPAddress1 , $Input)
    ConsoleWrite(_StringEncrypt(0 , "16D1C1FDE51B4B3A511EB53FA6E1A5A781950D0E05A3948D4E23A3E755B5A81F0E0769AD6F08AFD75AF1C41137F61D2D4061C715D6F17C199BF6882B949DED57E70F1EC6927915A97FEF7AD53022A668CFF4724F69CBA5D1719F9D0B54DDD0C608697571447F72BFABC37CF4D84F215B89D93434B1BF067AD97A0E6C2DA966CBA3A454AC3FBD55200A52A08CC5992AEE366309445DF6DD43DC719170FBF0749035AE3518028F" , "Love"))

I am going to bed now... I am only joking, 4chan got the best of me tonight.

Edited July 4, 2009 by SkellySoul

trung0407 (Author) Posted July 4, 2009

I show you this to let you know the security hole of the function Execute. Not trying to encourage hacking or anything.

Jos (Developers) Posted July 4, 2009 (edited)

> I show you this to let you know the security hole of the function Execute. Not trying to encourage hack or anything

There is not a security hole in Execute, since it's by design done by the programmer coding the script. This is not code injection in the true sense, but flexibility allowed by the programmer of the script.

Jos

Edited July 4, 2009 by Jos

Malkey Posted July 4, 2009

Here is another example of using Execute() on its string parameter.

    ;
    #include <Date.au3>
    MsgBox(0, "Add day & replace numeric month", Execute(StringRegExpReplace(_Now(), "(\d{1,2})/(\d{1,2})/(\d{4})(.*)", _
            '_DateDayOfWeek(_DateToDayOfWeek ("\3","\2","\1")) & ", \1 " & _DateToMonth("\2") & ", \3 @\4"')))
    ;
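
An added example, not part of the original thread and not code from any poster: one way a script author can keep Execute() for arithmetic input while rejecting the two strings shown in the first post. SafeEval is a hypothetical name, and the sample inputs are constructed.

```autoit
; Added example. SafeEval() is a hypothetical helper, not an AutoIt built-in.
; It hands a string to Execute() only when the string is pure arithmetic.

Global $var2 = 5

Func SafeEval($sExpr)
    ; Allowlist: digits, spaces, + - * / ^ . and parentheses, nothing else.
    ; That excludes "$" (variables), "@" (macros), quotes, and letters,
    ; so no function name such as MsgBox or Assign can reach Execute().
    If Not StringRegExp($sExpr, "\A[0-9 +\-*/^.()]+\z") Then
        Return SetError(1, 0, "") ; rejected by the allowlist
    EndIf
    Local $vResult = Execute($sExpr)
    If @error Then Return SetError(2, 0, "") ; allowed characters, but not a valid expression
    Return $vResult
EndFunc

; Constructed inputs: one legitimate expression, then the two strings from the first post.
Local $aInputs[3] = ['(2 + 3) * 4', 'MsgBox(0,"title", $var2)', 'Assign("var2", 10)']
Local $vOut

For $i = 0 To UBound($aInputs) - 1
    $vOut = SafeEval($aInputs[$i])
    If @error Then
        ConsoleWrite("rejected: " & $aInputs[$i] & @CRLF)
    Else
        ConsoleWrite($aInputs[$i] & " = " & $vOut & @CRLF)
    EndIf
Next

; The Assign() string never reached Execute(), so $var2 is unchanged.
ConsoleWrite("var2 = " & $var2 & @CRLF)
```

If a script needs to let users pick an action rather than compute a number, comparing the input against a fixed list of command names and calling the matching function directly avoids Execute() altogether.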