Beng Hacks: Leaky but goodie

Monday, May 09, 2005

I've recently been into leaked code that exploits or demonstrates serious vulnerabilities. The last one I got my hands on was the phpBB exploit against the phpBB forum software. Naturally I documented my delicious trials right here...

The latest thing that I managed to get my hands on is the exploit for Microsoft Jet. It specifically attacks msjet40.dll which exists on every Windows 2000 and XP system out there.

Of course I won't put the source code here, but any fool can find it on the web these days; it's leaked, after all.

Basically, it works by creating a corrupted MS Access file (.mdb). Inside this mdb is code that will allow you to grab the EIP and hence execute more code embedded in the mdb, as long as someone is dumb enough to double-click on the mdb. Which is easy if you ask me: just name it something like my_credit_card_details.mdb.

I'm still fooling around with it, but it seems like the potential is great. You can use it as an eggdrop or do lots of nasty things, since the amount of shellcode that you can put in the mdb is virtually unlimited.

This thing hits even XP Service Pack 2 btw.
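
A defensive counterpart to the double-click lure described above, as an added example that is not from the original post: a Python check that recognizes Jet database files by their header rather than by their name, so a mail or download filter can hold them before a user opens one. The quarantine policy, the function names and the sample files are assumptions constructed for illustration.

```python
import os

# Jet/ACE database files start with 00 01 00 00 followed by a format name;
# the byte at offset 0x14 encodes the engine version.
JET_MAGIC = b"\x00\x01\x00\x00Standard Jet DB\x00"
ACE_MAGIC = b"\x00\x01\x00\x00Standard ACE DB\x00"
JET_VERSIONS = {0x00: "Jet 3", 0x01: "Jet 4"}
DB_EXTENSIONS = {".mdb", ".mde", ".accdb", ".accde"}


def identify_jet(data):
    """Return the engine name if data starts with a Jet/ACE header, else None."""
    if data.startswith(JET_MAGIC):
        if len(data) <= 0x14:
            return "Jet (truncated header)"
        return JET_VERSIONS.get(data[0x14], "Jet (unknown version)")
    if data.startswith(ACE_MAGIC):
        return "ACE"
    return None


def triage_attachment(filename, data):
    """Assumed gateway policy: decide on file content, not on the file name."""
    engine = identify_jet(data)
    ext = os.path.splitext(filename)[1].lower()
    if engine is None:
        if ext in DB_EXTENSIONS:
            # Name claims a database but the header does not match.
            return ("review", "database extension without Jet header")
        return ("allow", "not a Jet file")
    if ext not in DB_EXTENSIONS:
        # Jet content under another extension still reaches msjet40.dll
        # if the user is talked into opening it with Access.
        return ("quarantine", f"{engine} content hidden under '{ext}'")
    return ("quarantine", f"{engine} database from untrusted source")


# Constructed sample inputs: header bytes only, no real database content.
SAMPLES = {
    "my_credit_card_details.mdb": JET_MAGIC + b"\x01" + b"\x00" * 32,
    "invoice.doc": JET_MAGIC + b"\x01" + b"\x00" * 32,
    "notes.txt": b"plain text, nothing to see",
    "empty.mdb": b"",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, "->", triage_attachment(name, blob))
```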
