Follow:

Exploit:Win/CMS.SQLServer.RCE!CAN-2002-0719

Severity rating
Moderate

Class/Type
Exploit

Discovered date
2002-08-07T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

A SQL injection vulnerability affecting a function that services requests for image files and other resources. Exploiting the vulnerability could enable an attacker to run SQL commands on the server, which would not only allow data in the MCMS database to be added, changed or deleted, but also would enable the attacker to run operating system commands on the server.



Impact

Exploiting the vulnerability would not grant the attacker administrative privileges on the server. Instead, any operating system commands would be levied in the security context of the SQL Serverâ„¢ 2000 service, which by default has only Domain User privileges.



Technical details (analysis)

Microsoft Content Management Server (MCMS) 2001 is a .Net Enterprise Server product that simplifies developing and managing e-business web sites. This service fails to sanitize SQL requests. This leads to a SQL injection attack which can be levied from the URL request.



Affected software

Microsoft Content Management Server 2001



Non-affected software

All those applications not on the affected list.



References




Solutions




NIS signature

Name: Exploit:Win/CMS.SQLServer.RCE!CAN-2002-0719
Release Date: 2002-08-07T00:00:00



Known false positives

No known false positives at this time



Work-arounds

There are no known workarounds.