Finding ActiveX Vulnerabilities
When an application installs an ActiveX control, in addition to the browser
alert asking your permission to install it, you should see code similar to the
following within the HTML source of an application page:
This code tells the browser to instantiate an ActiveX control with the
specified name and classid, and to download the control from the specified URL.
If a control is already installed, the codebase parameter is not required, and
the browser will locate the control from the local computer, based on its
unique classid.
If a user gives permission to install the control, then the browser registers it
as “safe for scripting.” This means that it can be instantiated, and its methods
invoked, by any web site in the future. To verify that this has been done, you
can check the registry key
HKEY_CLASSES_ROOT\CLSID\{classid of control taken from above HTML}\Implemented Categories.
If the subkey 7DD95801-9882-11CF-9FA9-00AA006C42C4 is present, then the control
has been registered as “safe for scripting,” as illustrated in Figure 12-11.
Figure 12-11: A control registered as safe for scripting
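The registry check described above can be scripted when auditing a workstation. The following PowerShell is an added example, not code from the original text; the function names are hypothetical, and it goes beyond the single-control check by also listing every installed class that carries the subkey. It assumes the subkey is stored with surrounding braces, as category IDs are in the registry, and that the classid in the HTML may carry a "clsid:" prefix.

```powershell
# Added example; function names are hypothetical.
# Category subkey from the text, written with the braces it has in the registry.
$SafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'

# Check one control, given the classid taken from the page's HTML
# (accepts "clsid:XXXX", "{XXXX}" or the bare GUID).
function Test-SafeForScripting {
    param([Parameter(Mandatory)][string]$ClassId)
    $guid  = ($ClassId -replace '^clsid:', '').Trim('{', '}')
    $clsid = '{' + $guid + '}'
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\Implemented Categories\$SafeForScripting"
    Test-Path -LiteralPath $key
}

# List every registered class that carries the "safe for scripting" subkey,
# with its friendly name and the in-process server that implements it.
function Get-SafeForScriptingControl {
    $root = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey('CLSID')
    try {
        foreach ($name in $root.GetSubKeyNames()) {
            try {
                $cat = $root.OpenSubKey("$name\Implemented Categories\$SafeForScripting")
                if ($null -eq $cat) { continue }   # not marked safe for scripting
                $cat.Close()

                $cls = $root.OpenSubKey($name)
                $srv = $root.OpenSubKey("$name\InprocServer32")
                $server = $null
                if ($srv) { $server = $srv.GetValue(''); $srv.Close() }

                [pscustomobject]@{
                    ClassId = $name
                    Name    = $cls.GetValue('')    # default value = friendly name
                    Server  = $server              # DLL/OCX path, if in-process
                }
                $cls.Close()
            } catch [System.Security.SecurityException] {
                Write-Warning "No read access to CLSID $name"
            }
        }
    } finally {
        $root.Close()
    }
}

# Usage:
#   Test-SafeForScripting -ClassId '<classid from the HTML source>'
#   Get-SafeForScriptingControl | Sort-Object Name | Format-Table -AutoSize
```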