CVE-2013-3563

Lianja SQL Server < 1.0 - Stack-Based Buffer Overflow via TCP Port 8001

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-3563. PoCs published by Metasploit, including Metasploit module exploits/windows/misc/lianja_db_net.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in Lianja SQL's db_netserver process via a maliciously crafted payload sent to TCP port 8001. It leverages ROP chains to achieve remote code execution on vulnerable Windows systems.

Description

Stack-based buffer overflow in db_netserver in Lianja SQL Server before 1.0.0RC5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string to TCP port 8001.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/25851

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Lianja SQL's db_netserver process via a maliciously crafted payload sent to TCP port 8001. It leverages ROP chains to achieve remote code execution on vulnerable Windows systems.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Lianja SQL 1.0.0RC5.1

No auth needed

Prerequisites: Network access to TCP port 8001 · Vulnerable version of Lianja SQL running

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/lianja_db_net.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Lianja SQL's db_netserver process by sending a crafted payload to TCP port 8001, achieving remote code execution. The exploit leverages ROP chains for different Windows versions and includes a check function to verify target vulnerability.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Lianja SQL 1.0.0RC5.1

No auth needed

Prerequisites: Network access to TCP port 8001 on the target · Target running Lianja SQL 1.0.0RC5.1

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/25851/

Scores

EPSS 0.4822

EPSS Percentile 98.7%

Details

CWE

CWE-119

Status published

Products (1)

lianja/lianja_sql_server < 1.0

Published Jul 04, 2013

Tracked Since Feb 18, 2026