Re: VBScript Runtime Error '800a0006'



Hi, WHITEHAT

The largest integer that VBScript can usually handle is 2147483647.
Mod tries to handle 120100406519 as an integer, because only integers can be handled, and that causes the overflow.

Cheers, ;-)

--SINORNIS



whitehat wrote:
Hi List,


I'm doing a web application PT for a website which is using IIS 4.0.
I tried giving some bigger numbers in the parameters of the URL, which led to the following error because of exceeding the upper limit of that particular data type:

Microsoft VBScript runtime error '800a0006'
Overflow:'CLng'

/....... .asp, line29

In almost all the URLs I found this issue.
I'm preparing a report advisory for this.
So I'd like to know what the security issues related to this error are.
How could an attacker exploit this flaw?


Thanks in advance


Cheers,

--WHITEHAT
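
Added example, not part of either post: one way to range-check a numeric parameter before it reaches CLng, so that an oversized value such as the 120100406519 mentioned above is rejected rather than raising error 800a0006 and returning the script path and line number to the client. The function name TryParseLong and the sample inputs are assumptions made for illustration; the script runs under cscript, and in an ASP page the input would come from Request.QueryString.

```vbscript
Option Explicit

' Range of the VBScript Long subtype, the target type of CLng.
Const LONG_MIN = -2147483648
Const LONG_MAX = 2147483647

' Hypothetical helper: returns True and sets result only when raw is a
' plain decimal integer that fits in a Long. It never raises an error.
Function TryParseLong(ByVal raw, ByRef result)
    Dim re, text, d
    TryParseLong = False
    result = 0
    text = raw & ""                     ' Empty or Null becomes ""

    Set re = New RegExp
    re.Pattern = "^-?[0-9]{1,10}$"      ' at most 10 digits, so CDbl is exact
    If Not re.Test(text) Then Exit Function

    ' Compare as Double first; calling CLng directly is what overflows.
    d = CDbl(text)
    If d < LONG_MIN Or d > LONG_MAX Then Exit Function

    result = CLng(d)
    TryParseLong = True
End Function

' Constructed sample inputs standing in for URL parameter values.
Dim samples, s, n
samples = Array("29", "2147483647", "2147483648", "120100406519", "12abc", "")

For Each s In samples
    If TryParseLong(s, n) Then
        WScript.Echo "accepted: " & n
    Else
        ' In an ASP page: send a generic error response here, so the
        ' 800a0006 message with file name and line never reaches the client.
        WScript.Echo "rejected: [" & s & "]"
    End If
Next
```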






------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



