rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";alert(‘foo’);
引用
RUNDLL32.EXE <dllname>,<entrypoint> <optional arguments>
原理分析: http://thisissecurity.net/2014/08/20/poweliks-command-line-confusion/
rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";alert(‘foo’);