Dear Team,
Exploiting ODBC Features that come with your sample programs is
not a mistery for any of us. So Let me add one more ASP Sample with similar
troubles:
http://server/ASPSamp/AdvWorks/equipment/catalog_type.asp
or yet
http://server/AdvWorks/equipment/catalog_type.asp
It lets you execute shell comands like the other scripts. It is
a Active Server Page so it runs the query as a local user and doesn't need
any type of Remote Data Service to access the DSN. It just require the
default DSN (advworks) set.
The Exploit command line can be for instance :
http://server/AdvWorks/equipment/catalog_type.asp?ProductType=|shell("cmd+/c
+dir+c:\")|
Sorry if this SERIOUS security failure was already reported.
Regards,
Wanderley Junior
