COMMAND

    asp

SYSTEMS AFFECTED

    WinNT

PROBLEM

    Wanderley J. Abreu Junior found the following. Exploiting ODBC
    features that come with your sample programs is not a mystery for
    any of us. So let me add one more ASP sample with similar
    troubles:

        http://server/ASPSamp/AdvWorks/equipment/catalog_type.asp

    or yet

        http://server/AdvWorks/equipment/catalog_type.asp

    It lets you execute shell commands like the other scripts. It is
    an Active Server Page, so it runs the query as a local user and
    doesn't need any type of Remote Data Service to access the DSN.
    It just requires the default DSN (advworks) to be set. The exploit
    command line can be, for instance:

        http://server/AdvWorks/equipment/catalog_type.asp?ProductType=|shell("cmd+/c+dir+c:\")|

SOLUTION

    Nothing yet.
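
    A detection check for the request pattern shown under PROBLEM, as
    an added example that is not part of the original advisory: it
    scans W3C extended log lines for a pipe-delimited function call in
    any query parameter. The log lines, field order, addresses and
    function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# The advisory's request wraps a function call in pipe characters,
# |shell(...)|, so a pipe-delimited call inside a parameter is the signal.
PIPE_EXPR = re.compile(r"\|\s*([A-Za-z_]\w*)\s*\(.*?\)\s*\|", re.S)
SAMPLE_STEM = re.compile(r"/advworks/equipment/catalog_type\.asp$", re.I)

def pipe_expressions(query):
    """Return (parameter, function) pairs for pipe-delimited calls in a query string."""
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        for _ in range(2):  # parse_qsl decoded once; undo extra encoding layers
            value = unquote(value)
        for m in PIPE_EXPR.finditer(value):
            hits.append((name, m.group(1).lower()))
    return hits

def scan_w3c(lines):
    """Scan W3C extended log lines, using the #Fields directive for column names."""
    fields, findings = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "")
        query = row.get("cs-uri-query", "-")
        for param, func in pipe_expressions("" if query == "-" else query):
            findings.append({"client": row.get("c-ip"), "stem": stem, "param": param,
                             "function": func, "sample_page": bool(SAMPLE_STEM.search(stem))})
    return findings

# Constructed log lines (documentation addresses), not captured traffic.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "1999-01-01 10:00:00 192.0.2.10 GET /AdvWorks/equipment/catalog_type.asp ProductType=Tents 200",
    '1999-01-01 10:00:05 192.0.2.66 GET /AdvWorks/equipment/catalog_type.asp ProductType=|shell("cmd+/c+dir+c:\\")| 200',
    "1999-01-01 10:00:09 192.0.2.66 GET /ASPSamp/AdvWorks/equipment/catalog_type.asp ProductType=%7Cshell(%22cmd%22)%7C 200",
    "1999-01-01 10:00:12 192.0.2.20 GET /search.asp q=a|b 200",
]

if __name__ == "__main__":
    for finding in scan_w3c(SAMPLE_LOG):
        print(finding)
```

    The sample_page flag separates hits on the two AdvWorks sample
    paths named above from the same pattern seen on other pages.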