RE: eeye.com insecurities

From: Marc Maiffret (marcat_private)
Date: Mon Feb 18 2002 - 14:31:26 PST


    The information posted about the forums on eeye.com is false.
    
    Let's examine....
    
    http://www.eeye.com/~apps/modules/Forum/threads.asp?cat=t.0326.192953.399014&filter='90
    
    Microsoft VBScript runtime error '800a000d'
    Type mismatch: 'CLng'
    /~apps/modules/Forum/threads.asp, line 13
    
    CLng is a Visual Basic function that converts a string to a subtype Long.
    The ' character within "'90" causes that conversion to fail and therefore
    you get the above error from VB. There are no programs or modules or anything
    failing. Just that single ASP script, that someone specifically passes wrong
    arguments to, fails. However, that affects nothing. The ' has nothing to do,
    in this case, with any SQL injection etc...
    
    http://www.eeye.com/~apps/modules/Forum/threads.asp?cat=t.0326.192953.399014&filter=90909090909090909090909090909909090
    
    Microsoft VBScript runtime error '800a0006'
    Overflow: 'CLng'
    /~apps/modules/Forum/threads.asp, line 13
    
    This next one is not a buffer overflow or anything of that nature. When the
    multiple 90's go through the CLng conversion the conversion fails because
    the number sent is bigger than Long can store. Once again, there is no
    exploit or vulnerability here. Nor does this cause anything to crash on our
    server. Nor is there any SQL injection problem here.
    
    Also there is no information leak. Well unless someone thinks that getting
    the virtual path to threads.asp (/apps/modules/Forum/threads.asp) is an
    information leak... In which case maybe you should be educated on your web
    browser's powerful View Source functionality which can give you the same
    information.
    
    Thank you for making my brain hurt on my day off, please drive through.
    
    Signed,
    Marc Maiffret
    Chief Hacking Officer
    eEye Digital Security
    T.949.349.9062
    F.949.349.9538
    http://eEye.com/Retina - Network Security Scanner
    http://eEye.com/Iris - Network Traffic Analyzer
    http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
    
    | -----Original Message-----
    | From: david evlis reign [mailto:davidreignat_private]
    | Sent: Monday, February 18, 2002 2:36 AM
    | To: vuln-devat_private; bugtraqat_private
    | Subject: eeye.com insecurities
    <snip>
    thanks and goodnight.
    davidr
    
    
    



    This archive was generated by hypermail 2b30 : Mon Feb 18 2002 - 14:42:00 PST
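
Added example, not part of the original message and not eEye's code: the two `CLng` failures shown in the message (Type mismatch for `'90`, Overflow for the long run of 9s and 0s) can be caught before conversion, so the script returns a controlled response instead of a VBScript runtime error. `ParseLongParam` is a hypothetical helper; in an ASP page the raw value would come from `Request.QueryString("filter")`, and the sample values other than the two taken from the message are constructed.

```vbscript
Option Explicit

' Hypothetical helper (added example). Returns True and sets result only
' when raw is a plain decimal integer that fits in a VBScript Long
' (-2147483648 .. 2147483647). Never raises error 13 or error 6.
Function ParseLongParam(raw, ByRef result)
    Dim re, d
    ParseLongParam = False
    result = 0

    ' Shape check: optional sign, 1 to 10 digits, nothing else.
    ' "'90" fails here; passed to CLng it would raise Type mismatch (13).
    ' The 35-digit value fails here too; CLng would raise Overflow (6).
    Set re = New RegExp
    re.Pattern = "^-?[0-9]{1,10}$"
    If Not re.Test(raw) Then Exit Function

    ' Ten digits can still exceed Long, so compare as Double first.
    d = CDbl(raw)
    If d < -2147483648 Or d > 2147483647 Then Exit Function

    result = CLng(d)
    ParseLongParam = True
End Function

' Constructed test inputs; the second and third are the filter values
' quoted in the message.
Dim samples, s, n
samples = Array("90", "'90", "90909090909090909090909090909909090", _
                "2147483648", "-12")

For Each s In samples
    If ParseLongParam(s, n) Then
        WScript.Echo "accept: " & s & " -> " & n
    Else
        ' In an ASP page this branch would send a generic 400 response
        ' rather than letting the runtime error page reach the client.
        WScript.Echo "reject: " & s
    End If
Next
```

Save as a `.vbs` file and run it with `cscript //nologo` on Windows.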