Yet Another ODBC Bugged ASP Sample Page

From: Wanderley J. Abreu Junior (stormat_private)
Date: Thu Jul 29 1999 - 00:32:05 PDT

Next message: Ben Greenbaum: "Microsoft's Reply regarding EFS"

Previous message: Nick FitzGerald: "Re: word 97 macrovirus protection problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dear Team,

            Exploiting ODBC Features that come with your sample programs is
not a mistery for any of us. So Let me add one more ASP Sample with similar
troubles:

             http://server/ASPSamp/AdvWorks/equipment/catalog_type.asp
              or yet
             http://server/AdvWorks/equipment/catalog_type.asp

            It lets you execute shell comands like the other scripts. It is
a Active Server  Page so it runs the query as a local user and doesn't need
any type of Remote Data Service to access the DSN. It just require the
default DSN (advworks) set.

            The Exploit command line can be for instance :


http://server/AdvWorks/equipment/catalog_type.asp?ProductType=|shell("cmd+/c
+dir+c:\")|

            Sorry if this SERIOUS security failure was already reported.

Regards,

             Wanderley Junior

Next message: Ben Greenbaum: "Microsoft's Reply regarding EFS"
Previous message: Nick FitzGerald: "Re: word 97 macrovirus protection problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:54:04 PDT