CVE-2000-0402

Related Files

Microsoft SQL Server Payload Execution via SQL injection

Posted Jan 29, 2011

Authored by Rodrigo Marcos, David Kennedy, jduck | Site metasploit.com

This Metasploit module will execute an arbitrary payload on a Microsoft SQL Server, using a SQL injection vulnerability. Once a vulnerability is identified this module will use xp_cmdshell to upload and execute Metasploit payloads. It is necessary to specify the exact point where the SQL injection vulnerability happens.

tags | exploit, arbitrary, sql injection

advisories | CVE-2000-0402, CVE-2000-1209, OSVDB-15757

SHA-256 | 5c71a8e0d959c8b1f43ce27c1cfb87641e1abf71b42047e2636fd0256601f31a

Download | Favorite | View

Microsoft SQL Server Payload Execution

Posted Nov 26, 2009

Authored by David Kennedy | Site metasploit.com

This Metasploit module will execute an arbitrary payload on a Microsoft SQL Server, using the Windows debug.com method for writing an executable to disk and the xp_cmdshell stored procedure. File size restrictions are avoided by incorporating the debug bypass method presented at Defcon 17 by SecureState. Note that this module will leave a metasploit payload in the Windows System32 directory which must be manually deleted once the attack is completed.

tags | exploit, arbitrary

systems | windows

advisories | CVE-2000-0402

SHA-256 | 08dfa1b6b11d0fd3513417baa7f7f3bdc147dd9a8593be9c3fe0d2e365f87d4d

Download | Favorite | View