Penetration Testing mailing list archives
MDAC/ IIS / Shell Code Goodies
From: "McKenzie Family" <themac () bigpond net au>
Date: Sun, 28 Jul 2002 18:06:53 +0800
(This seems to be an oldy but goody not affected by MS patches) Senario: (1) Win NT / IIS 4 (2) http://server/msadc/samples/adctest.asp found from whisker. Connection: DSN=AdvWorks Query: Select * from Products where ProductType='|shell("<<<INSERT>>>")|'
From other peoples experience whats a good shell code to pipe into the field
to test if its vulnerable.. Ive tried a few of the echo, rdisk, and copy of repair\sam._ to intedpub\wwwroot and then tried dloadin git from the web, but so far no response .... I take it that means that the version of MDAC has been upgraded and therefor not vulnerable even though the sample page still exist? Regards, Nick ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Pen-Testing contracts Johan Denoyer (Jul 17)
- RE: Pen-Testing contracts Password Crackers, Inc. (Jul 17)
- MDAC/ IIS / Shell Code Goodies McKenzie Family (Jul 28)
- Re: MDAC/ IIS / Shell Code Goodies olle (Jul 29)
- MDAC/ IIS / Shell Code Goodies McKenzie Family (Jul 28)
- Re: Pen-Testing contracts Bojan Zdrnja (Jul 18)
- RE: Pen-Testing contracts Password Crackers, Inc. (Jul 17)