(This seems to be an oldy but goody not affected by MS patches)
Senario:
(1) Win NT / IIS 4
(2) http://server/msadc/samples/adctest.asp found from whisker.
Connection: DSN=AdvWorks
Query: Select * from Products where ProductType='|shell("<<<INSERT>>>")|'
>From other peoples experience whats a good shell code to pipe into the field
to test if its vulnerable.. Ive tried a few of the echo, rdisk, and copy of
repair\sam._ to intedpub\wwwroot and then tried dloadin git from the web,
but so far no response ....
I take it that means that the version of MDAC has been upgraded and therefor
not vulnerable even though the sample page still exist?
Regards,
Nick
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
