Hello all, I am doing a pen test against a IIS 5 web server. The web server requires a user name and password via a logon form. if a single quote character is entered (username)the following error is produced [Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string '' and password=''. I remember reading somewhere that this can be used to gain further access? but i cant find the info. Can any one help? Thanks in advance. Gary ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Nov 19 2001 - 14:22:18 PST