Re: ASP code testing

From: Kevin Spett (kspett@spidynamics.com)
Date: 11/18/01


Message-ID: <006e01c1707e$b538e700$f300000a@spidata>
From: "Kevin Spett" <kspett@spidynamics.com>
To: "Dan Richardson" <dan.richardson@paradise.net.nz>, <pen-test@securityfocus.com>
Subject: Re: ASP code testing
Date: Sun, 18 Nov 2001 14:16:44 -0800


    Dunno about the buffer overflow question (I've been toying with similar
ideas), but it's generally a bad idea for the client to be able to get
backend error messages of any kind. Have you checked to see if you can get
an ODBC error message? Try adding a single quote or an SQL keyword such as
' OR' to the argument and see if you can pull off an SQL Injection attack.

    Kevin.

----- Original Message -----
From: "Dan Richardson" <dan.richardson@paradise.net.nz>
To: <pen-test@securityfocus.com>
Sent: Saturday, November 17, 2001 3:00 PM
Subject: ASP code testing

> I'm currently testing some ASP code on an e-commerce site. My question
> is could this be used to execute a buffer overflow exploit?
>
> The following URL:
>
> http://www.asite.com/show/showsomething.asp?ID=5
>
> Will retrieve a legitimate item from the database. By playing with the
> number a bit-
>
> http://www.asite.com/show/showsomething.asp?ID=32767
>
> Will generate
>
> ADODB.Field error '80020009'
>
> Either BOF or EOF is True, or the current record has been deleted.
> Requested operation requires a current record.
>
> But if I bump that number up to 32768 (unsigned integer limit)-
>
> Microsoft VBScript runtime error '800a0006'
>
> Overflow: 'cint'
>
> /show/showsomething.asp, line x
>
>
> Thanks
>
> Dan
>
>
>
> --------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
>
>
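
Added example (not part of the original thread, and not the code of the site being tested): one way a classic ASP page could handle the `ID` parameter so that neither the `CInt` overflow (VBScript's Integer type tops out at 32767), the ADODB BOF/EOF error, nor an ODBC error ever reaches the client. The table and column names, the `Application("ConnString")` setting and the helper names `ParseItemId` and `Fail` are assumptions made for illustration.

```vbscript
<%
Option Explicit
Response.Buffer = True   ' lets Fail() discard any partial output

' Returns the ID as a Long, or -1 if the input is not a plain decimal number.
' At most 9 digits are accepted, so CLng (32-bit) can never raise "Overflow".
Function ParseItemId(raw)
    Dim re
    ParseItemId = -1
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(raw) Then ParseItemId = CLng(raw)
End Function

' Sends the same generic body for every failure; details stay on the server.
Sub Fail(status)
    Response.Clear
    Response.Status = status
    Response.Write "The requested item is not available."
    Response.End
End Sub

Dim itemId, conn, cmd, rs
itemId = ParseItemId(Request.QueryString("ID") & "")
If itemId < 1 Then Fail "400 Bad Request"

On Error Resume Next
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")        ' assumed application setting
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = 1                        ' adCmdText
' Hypothetical table/column names. The value is bound as a parameter,
' so a quote or SQL keyword in the URL is never parsed as SQL.
cmd.CommandText = "SELECT Name FROM Items WHERE ItemID = ?"
cmd.Parameters.Append cmd.CreateParameter("id", 3, 1, , itemId) ' adInteger, adParamInput
Set rs = cmd.Execute
If Err.Number <> 0 Then
    ' Record Err.Number / Err.Description in a server-side log here.
    Err.Clear
    On Error GoTo 0
    Fail "500 Internal Server Error"
End If
On Error GoTo 0

' An ID with no matching row is handled before any field is read.
If rs.EOF Then Fail "404 Not Found"
Response.Write Server.HTMLEncode(rs("Name").Value & "")
%>
```

With this structure, `ID=32767`, `ID=32768` and `ID=5'` all produce the same generic response, which also makes the three cases indistinguishable to someone probing the parameter.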
