No, this is not a buffer over-flow. The errors you are getting are standard DB error for not found records or illegal numbering ----------- Omar Koudsi IT Architect Network Security Center Special Systems Company http://security.sscjo.com omarkat_private Tel: (9626) 5664221 Fax: (9626) 5681557 -----Original Message----- From: Dan Richardson [mailto:dan.richardsonat_private] Sent: Sun, November 18, 2001 1:00 AM To: pen-testat_private Subject: ASP code testing I'm currently testing some ASP code on an e-commerce site. My question is could this be used to execute a buffer overflow exploit? The following URL: http://www.asite.com/show/showsomething.asp?ID=5 Will retrieve a legitmate item from the database. By playing with the number a bit- http://www.asite.com/show/showsomething.asp?ID=32767 Will generate ADODB.Field error '80020009' Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record. But if I bump that number up to 32768 (unsigned integer limit)- Microsoft VBScript runtime error '800a0006' Overflow: 'cint' /show/showsomething.asp, line x Thanks Dan ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Nov 19 2001 - 15:05:08 PST