food for thought: who can you trust when the people who are *supposed* to be protecting you can't even secure their own site?

the details: eeye.com is run on the (in)famous webserver IIS, and eeye is purely a Microsoft orientated site. the problem lies in its forums, some misplaced ' lead to an information leak and possibly an sql injection problem. as follows:

http://www.eeye.com/~apps/modules/Forum/threads.asp?cat=t.0326.192953.399014&filter='90

    Microsoft VBScript runtime error '800a000d'
    Type mismatch: 'CLng'
    /~apps/modules/Forum/threads.asp, line 13

ok, we have sourced this out, next we find that a string of say hmm 30 chars, all integers, crashes the app.

http://www.eeye.com/~apps/modules/Forum/threads.asp?cat=t.0326.192953.399014&filter=90909090909090909090909090909909090

    Microsoft VBScript runtime error '800a0006'
    Overflow: 'CLng'
    /~apps/modules/Forum/threads.asp, line 13

one looks at this and *immediately* says "integer overflow". interesting. we can see there are some sql calls there somewhere, so therefore possible cmd execution.

also, one has to ask the question: are the blind leading the blind? a small information leak could be *vital* in finding webroots etc... might have been handy to those crazy defacers in the day.

thanks and goodnight.

davidr
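Added example, not part of the original post and not eEye's code: one way a classic ASP page can validate a numeric query parameter before calling CLng, so that neither error quoted above can be raised or shown to the client. It assumes the filter parameter is meant to be a non-negative integer; TryParseLong, MAX_LONG, rawFilter and filterId are hypothetical names.

```vbscript
<%
Option Explicit
' Added example, not the forum's code. Assumes "filter" is meant to be a
' non-negative integer that fits a VBScript Long.

Const MAX_LONG = 2147483647

' Sets result and returns True only for 1-10 ASCII digits within Long range,
' so CLng can raise neither "Type mismatch" (800a000d) nor "Overflow" (800a0006).
Function TryParseLong(raw, ByRef result)
    Dim re, d
    TryParseLong = False
    result = 0
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,10}$"
    If Not re.Test(raw) Then Exit Function
    d = CDbl(raw)                 ' at most 10 digits, exact as a Double
    If d > MAX_LONG Then Exit Function
    result = CLng(d)
    TryParseLong = True
End Function

Dim rawFilter, filterId
rawFilter = "" & Request.QueryString("filter")   ' force a plain string

If Not TryParseLong(rawFilter, filterId) Then
    ' Generic reply: no script path, line number or engine error text.
    Response.Status = "400 Bad Request"
    Response.Write "Invalid request."
    Response.End
End If

' filterId is now a Long; hand it to the data layer as a typed parameter,
' never by concatenating rawFilter into SQL text.
%>
```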
This archive was generated by hypermail 2b30 : Mon Feb 18 2002 - 13:53:24 PST