CVE-2008-5416 PoC — Microsoft SQL Server sp_replwritetovarbin远程堆溢出漏洞

Source

https://github.com/SECFORCE/CVE-2008-5416

Associated Vulnerability

Title:Microsoft SQL Server sp_replwritetovarbin远程堆溢出漏洞 (CVE-2008-5416)
Description:Microsoft SQL Server是一款流行的SQL数据库系统。 SQL Server的sp_replwritetovarbin扩展存储过程中存在堆溢出漏洞。如果远程攻击者在参数中提供了未初始化变量的话，就可以触发这个溢出，向可控的位置写入内存，导致以有漏洞SQL Server进程的权限执行任意代码。在默认的配置中，任何用户都可以访问sp_replwritetovarbin过程。通过认证的用户可以通过直接的数据库连接或SQL注入来利用这个漏洞。

Description

Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection

Readme

# CVE-2008-5416

Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection

A heap-based buffer overflow can occur when calling the undocumented
"sp_replwritetovarbin" extended stored procedure. This vulnerability affects
all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database,
and Microsoft Desktop Engine (MSDE) without the updates supplied in MS09-004.
Microsoft patched this vulnerability in SP3 for 2005 without any public
mention.

Credits:

          'jduck',          # MS09-004 base exploit
          'Rodrigo Marcos'  # SQL Injection mods

File Snapshot


 [4.0K]  /data/pocs/7c5efe050e6e9bd9a158efa98c8007c1f18a0173
├── [ 20K]  exploit.rb
└── [ 592]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!