mailing list archives
Re: Re: [Aria-Security Team] uGestBook SQL Injection Vuln
From: saps.audit () gmail com
Date: 5 Dec 2006 21:29:44 -0000
well actually there no injection sql in the var :
it's just an error for type mismatch ...
( Microsoft VBScript runtime error '800a000d'
Type mismatch: '[string: "query_blabla"]'
i think those guys ( aria ) doesn't understand the difference between an error sql and a injection sql...
wich i found funny for a security team ;P