Re: MDAC/ IIS / Shell Code Goodies

From: olle (olle@nxs.se)
Date: Mon Jul 29 2002 - 04:34:51 EDT


On Sun, Jul 28, 2002 at 06:06:53PM +0800, McKenzie Family wrote:
> (This seems to be an oldie but goodie not affected by MS patches)
>
> Scenario:
> (1) Win NT / IIS 4
> (2) http://server/msadc/samples/adctest.asp found from whisker.
>
> Connection: DSN=AdvWorks
> Query: Select * from Products where ProductType='|shell("<<<INSERT>>>")|'
>
> From other people's experience, what's a good shell code to pipe into the field
> to test if it's vulnerable.. I've tried a few of the echo, rdisk, and copy of
> repair\sam._ to inetpub\wwwroot and then tried dloading it from the web,
> but so far no response ....
>
> I take it that means that the version of MDAC has been upgraded and therefore
> not vulnerable even though the sample page still exists?

Adctest is just a client-side frontend for basic RDS functionality.
What you are describing is exactly what the good old msadc.pl does.

Read up on RDS; I recommend going to http://www.wiretrip.net/rfp/

/olle
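
Added example (not part of the original message, and not code from msadc.pl): a defender-side pass over IIS W3C extended logs that flags requests under /msadc/, the directory of the sample page discussed above, and any URL carrying the |shell( marker from the quoted query. The log lines, IP addresses and function names are constructed for illustration; W3C logs record the URL only, so request bodies are not covered.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

MSADC_PREFIX = "/msadc/"   # directory of the sample page named in the post
SHELL_MARKER = "|shell("   # marker from the quoted query string

# Constructed IIS W3C extended log lines (documentation IPs), not real traffic.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-07-28 10:01:12 192.0.2.10 GET /default.asp - 200
2002-07-28 10:01:15 192.0.2.77 GET /msadc/samples/adctest.asp - 200
2002-07-28 10:01:16 192.0.2.77 GET /MSADC/Samples/other.asp - 404
2002-07-28 10:02:40 192.0.2.77 GET //%6Dsadc/samples/adctest.asp - 200
2002-07-28 10:03:02 192.0.2.10 GET /search.asp q=%7Cshell(%22x%22)%7C 200
"""

def normalize(value):
    """Percent-decode, unify slashes, lowercase (IIS paths are case-insensitive)."""
    return re.sub(r"/+", "/", unquote(value).replace("\\", "/")).lower()

def find_msadc_hits(log_text):
    """Return {client_ip: [(path, status, reasons), ...]} for suspicious rows."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column order can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = normalize(row.get("cs-uri-stem", ""))
        query = unquote(row.get("cs-uri-query", "")).lower()
        reasons = []
        if stem.startswith(MSADC_PREFIX):
            reasons.append("msadc-path")
        if SHELL_MARKER in stem or SHELL_MARKER in query:
            reasons.append("pipe-shell")
        if reasons:
            hits[row.get("c-ip", "?")].append((stem, row.get("sc-status"), reasons))
    return dict(hits)

def exposed_paths(hits):
    """MSADC paths the server answered with 200, i.e. samples still installed."""
    return {p for rows in hits.values() for p, status, why in rows
            if status == "200" and "msadc-path" in why}

if __name__ == "__main__":
    found = find_msadc_hits(SAMPLE_LOG)
    print(found)
    print("still served:", sorted(exposed_paths(found)))
```

A non-empty result from exposed_paths means the sample directory is still installed and answering, which is the condition to remove regardless of the MDAC patch level.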
