CVE-2003-0118

Microsoft BizTalk Server 2000 and 2002 - SQL Injection via DTA Website Request

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-0118. PoCs published by Cesar Cerrudo.

AI-analyzed exploit summary: This exploit demonstrates SQL injection in BizTalk Server's DTA interface, allowing remote command execution via crafted URLs. The PoC shows how an attacker can inject SQL queries to execute OS commands or grant database access.

Description

SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Cesar Cerrudo · text · webapps · asp
https://www.exploit-db.com/exploits/22554

This exploit demonstrates SQL injection in BizTalk Server's DTA interface, allowing remote command execution via crafted URLs. The PoC shows how an attacker can inject SQL queries to execute OS commands or grant database access.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Microsoft BizTalk Server (version not specified)
No auth needed
Prerequisites: Network access to the BizTalk Server · DTA interface exposed
devstral-2 · analyzed Feb 16, 2026
exploitdb WORKING POC VERIFIED
by Cesar Cerrudo · text · webapps · asp
https://www.exploit-db.com/exploits/22555

The exploit demonstrates SQL injection in BizTalk Server's DTA interface, allowing remote command execution via crafted URLs. It leverages the `xp_cmdshell` and `sp_grantlogin` stored procedures to execute OS commands or grant database access.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Microsoft BizTalk Server (version not specified)
No auth needed
Prerequisites: Network access to the BizTalk Server DTA interface
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Mailing List (tags: mailing-list, x_refsource_bugtraq)
http://marc.info/?l=bugtraq&m=105216839231951&w=2

Scores

EPSS 0.0814
EPSS Percentile 94.1%

Details

Status published
Products (2)
microsoft/biztalk_server 2000 (9 CPE variants)
microsoft/biztalk_server 2002 (2 CPE variants)
Published May 12, 2003
Tracked Since Feb 18, 2026