CVE-2000-0402

Microsoft SQL Server 7.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2000-0402. PoCs published by David Kennedy, including Metasploit module exploits/windows/mssql/mssql_payload.

AI-analyzed exploit summary This Metasploit module exploits SQL injection vulnerabilities in Microsoft SQL Server to execute arbitrary payloads via xp_cmdshell. It supports multiple delivery methods including debug.exe, command stager, and PowerShell.

Description

The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.

Exploits (4)

exploitdb WORKING POC
rubyremotewindows
https://www.exploit-db.com/exploits/16394

This Metasploit module exploits SQL injection vulnerabilities in Microsoft SQL Server to execute arbitrary payloads via xp_cmdshell. It supports multiple delivery methods including debug.exe, command stager, and PowerShell.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft SQL Server
Auth required
Prerequisites: SQL injection vulnerability in target application · xp_cmdshell enabled on MS SQL Server · Valid credentials or authentication bypass
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
rubyremotewindows
https://www.exploit-db.com/exploits/16395

This Metasploit module exploits Microsoft SQL Server by leveraging the 'xp_cmdshell' stored procedure to execute arbitrary payloads. It supports multiple delivery methods, including debug.com, Command Stager, and PowerShell, to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft SQL Server
Auth required
Prerequisites: Valid SQL Server credentials · Access to 'xp_cmdshell' stored procedure
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by David Kennedy · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/mssql_payload.rb

This Metasploit module exploits Microsoft SQL Server by leveraging the 'xp_cmdshell' stored procedure to execute arbitrary payloads. It supports multiple delivery methods, including PowerShell, command stager, and debug.exe, to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft SQL Server
Auth required
Prerequisites: Valid SQL Server credentials · Sysadmin privileges
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by David Kennedy · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/mssql_payload_sqli.rb

This Metasploit module exploits SQL injection vulnerabilities in Microsoft SQL Server to execute arbitrary payloads via xp_cmdshell. It supports multiple delivery methods, including PowerShell, Command Stager, and debug.exe, and is designed for remote code execution (RCE).

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft SQL Server
No auth needed
Prerequisites: SQL injection vulnerability in target application · xp_cmdshell enabled on the SQL Server
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory x_refsource_mskb
http://www.microsoft.com/technet/support/kb.asp?ID=263968
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1281

Scores

EPSS 0.7848
EPSS Percentile 99.1%

Details

Status published
Products (1)
microsoft/sql_server 7.0 (3 CPE variants)
Published May 30, 2000
Tracked Since Feb 18, 2026