Re: Is this a security risk?

From: Mike Epprecht \(SQL MVP\) (mike_at_epprecht.net)
Date: 04/27/05 

Date: Wed, 27 Apr 2005 18:49:17 +0200

Hi

It is a problem. If I was a hacker, I now have a good load of information to
start hacking with. Based on those names, I can deduce other names.

The toughest part of hacking is getting enough information so that you can
find a hole.This is a Silver platter.

Regards
--------------------------------
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland

IM: mike@epprecht.net

MVP Program: http://www.microsoft.com/mvp

Blog: http://www.msmvps.com/epprecht/

"Shark Bait" <SharkBait@discussions.microsoft.com> wrote in message
news:15B676C1-BAF5-4566-BB1E-31A52B314810@microsoft.com...
> I'm doing some testing on a vendor's web site and ran into the error
> below. I
> told the vendor that displaying this kind of error could give a hacker the
> information needed to hack the db or attempt SQL injection attacks etc.
> (btw
> this is a bank). The vendor is telling me that there is no danger in
> releasing this information on the web site. I thold them they need to
> display
> something else.
>
> Assuming you or a hacker had this information, company information and the
> URL where this error occurred; do you think these pose a security risk?
>
> *** This is the error with the table database and field names changed ****
> Insert statement conflicted with COLUMN CHECK constraint
> 'AColumnCheckConstraint'.
> The conflict occurred in database 'ADatabaseName', table 'ATableName',
> column 'PaymentAmount'..,
> PaymentXML: 10056AWEBWEB01-4858538-14 ... WEBSERVERNAME ...
>

Relevant Pages

  • [Full-Disclosure] ron1n phone home, episode one, reloaded
    ... guides to Mostly Harmless Hacking and feel it will direct new and upcoming ... We would like to take this oppurtunity to thank the granny hacker from ... Harmless Hacking part ... These Guides to Harmless Hacking can be your gateway into this ...
    (Full-Disclosure)
  • [Full-Disclosure] ron1n phone home, episode three
    ... in Windows 95 hacking ... Harmless Hacking series and the granny hacker from heck is in full support ... Make sure you have a Windows 95 boot disk. ...
    (Full-Disclosure)
  • [REVS] Hacking UNIX - Second Edition
    ... Get your security news from a reliable source. ... Hacking UNIX - Second Edition is a hacking guide for absolute beginners in ... "hacker". ... Many people have bad experiences with learning, ...
    (Securiteam)
  • Is this a security risk?
    ... I'm doing some testing on a vendor’s web site and ran into the error below. ... told the vendor that displaying this kind of error could give a hacker the ... Assuming you or a hacker had this information, ...
    (microsoft.public.sqlserver.security)
  • this is THE joke of the year!!!
    ... the living room one night to blurt out: "Peter is a computer hacker!" ... I provide that information to other parents, in the hope that they will be ... able to tell if their children are being drawn into the world of hacking. ... son matches the profile, they should take action. ...
    (comp.os.linux.security)