| Author |
Message |
Guest
|
 Posted:
Fri Dec 23, 2005 1:30 am Post subject:
Mozilla Clientinfo |
|
|
I am having trouble getting mozilla to access the netobj and return the
ClientInfo to me. I have tried using just the <object> tag and just the
<embed> tag and every combination of them that I can think of. I have
tried adding in the Type=application/x-drm-v2 tag into the object and I
have tried using the Classid tag in embed nothing seems to work to get
Mozilla to see the netobj. I can go through the DOM and retrieve the
HTML element that should have created the netobj but the object itself
does not seem to exist. Everytime I try to run .GetSystemInfo() I get
either an error that netobj is not defined and if I try to run it as
document.netobj I get an error that GetSystemInfo is not a function. I
am not sure what else to try has anybody gotten Mozilla to succesfully
run the DRM objects?
Mozilla version 1.5
The about plugins page shows that both Microsoft DRM objects are
enabled.
Any help would be appreciated.
|
|
| Back to top |
|
 |
Sebastian Gottschalk
Guest
|
| Posted:
Fri Dec 23, 2005 1:30 am Post subject:
Re: Mozilla Clientinfo |
|
|
bwalker77@gmail.com wrote:
| Quote: | I am having trouble getting mozilla to access the netobj and return the
ClientInfo to me. I have tried using just the <object> tag and just the
embed> tag and every combination of them that I can think of. I have
tried adding in the Type=application/x-drm-v2 tag into the object and I
have tried using the Classid tag in embed nothing seems to work to get
Mozilla to see the netobj.
|
<object id="whatever" data="" type="application/x-drm-v2"></object>?
| Quote: | I can go through the DOM and retrieve the
HTML element that should have created the netobj but the object itself
does not seem to exist.
|
Is the type of the Node an HTMLObjectElement? It should alway exist.
| Quote: | Everytime I try to run .GetSystemInfo() I get
either an error that netobj is not defined
and if I try to run it as
document.netobj I get an error that GetSystemInfo is not a function.
|
Of course, as document.netobj doesn't exist.
| Quote: | I am not sure what else to try has anybody gotten Mozilla to
succesfully run the DRM objects?
|
At first, you should get the right object. To not make any errors on
traversing the DOM tree, it's best practive to assign an ID attribute
and use document.getElementById('the id'). The returned type should be
an HTMLObjectElement.
Anyway, did you manage to enable Plugin Scripting first?
-> netscape.security.PrivilegeManager.enablePrivilege("LiveConnect"),
which should either request the user to allow this action or it denies
by default - of course, as scirpting plugin is horribly insecure.
That's why your exploit won't work on most system. Better focus on
compromissing the system using evil pseudo WMV files. |
|
| Back to top |
|
|
Guest
|
| Posted:
Fri Dec 23, 2005 7:43 am Post subject:
Re: Mozilla Clientinfo |
|
|
I am not trying to use this to hack systems. I work for a company that
provides DRM solutions. We are looking to try and make the DRM solution
as cross browser capable as possible so the only remaining caveot to
the system is that they must be running Windows and have media player
7.1 or better. I am using the following code to create the object.
<OBJECT ID="netobj" CLASSID=CLSID:A9FC132B-096D-460B-B7D5-1DB0FAE0C062
HEIGHT=0 WIDTH=0>
<EMBED TYPE="application/x-drm-v2" MAYSCRIPT HIDDEN="true"
NAME="netobj" HEIGHT=0 WIDTH=0></EMBED>
</OBJECT>
As I said I am able to see the HTMLElement but the actual object itself
does not appear to be created.
|
|
| Back to top |
|
|
Sebastian Gottschalk
Guest
|
| Posted:
Fri Dec 23, 2005 8:27 am Post subject:
Re: Mozilla Clientinfo |
|
|
bwalker77@gmail.com wrote:
| Quote: | I am using the following code to create the object.
OBJECT ID="netobj" CLASSID=CLSID:A9FC132B-096D-460B-B7D5-1DB0FAE0C062
HEIGHT=0 WIDTH=0
EMBED TYPE="application/x-drm-v2" MAYSCRIPT HIDDEN="true"
NAME="netobj" HEIGHT=0 WIDTH=0></EMBED
/OBJECT
|
Nice exploit. Why don't you try the real ClassId, which would be
"WMDRM.DrmLicense"?
| Quote: | As I said I am able to see the HTMLElement but the actual object itself
does not appear to be created.
|
When done as above, of course it can't work. As the Object doesn't find
anything usable (mainly due that you forgot to include the DATA
attribute and the ClassID being invalid) to load as a plugin, the inner
content is getting used - the Embed. Can you see the HTMLEmbedElement of
it? Still the Src attribute (can be empty) is missing. |
|
| Back to top |
|
|
Guest
|
| Posted:
Fri Dec 23, 2005 9:30 pm Post subject:
Re: Mozilla Clientinfo |
|
|
Even using WMDRM.DrmLicense instead of the CLSID that works in IE it
still comes back and tells me that the netobj is not defined. The CLSID
that I am using came directly from Microsoft and works fine in Internet
Explorer but Mozilla and Opera are not able to instatiate the object. |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in