This Metasploit module exploits a stack overflow in the MaxDB WebDBM service. By sending a specially-crafted HTTP request that contains an overly long database name. A remote attacker could overflow a buffer and execute arbitrary code on the system with privileges of the wahttp process. This Metasploit module has been tested against MaxDB 7.6.00.16 and MaxDB 7.6.00.27.
41762083ad11674f55c5750f5696d780c5f62b78712e22492dc00ab7d1673f69Symantec Security Advisory - A connection from a SAP-DB/MaxDB WebDBM Client to the DBM Server causes a buffer overflow when the given database name is too large. This can result in the execution of arbitrary code in the context of the database server. Affected version is SAP-DB/MaxDB 7.6.00.22.
f252047e0f68c231dc50e1773e17de6610f34d7f5aae0c80053dedb4165a40e1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed