RE: eeye.com insecurities

From: M. Burnett (mbat_private)
Date: Mon Feb 18 2002 - 19:46:07 PST


    Although I doubt many people really care about the location of 
    virtual directories at eeye.com and these reported vulnerabilities 
    are just lame, there is one good practice everyone should add to 
    their security checklist:  Change "Send detailed ASP error messages 
    to client" to "Send text error message to client"
    
    Mark Burnett
    www.xato.net
    
    
    
    On Mon, 18 Feb 2002 14:31:26 -0800, Marc Maiffret wrote:
    >The information posted about the forums on eeye.com is false.
    >
    >Let's examine....
    >
    >
    >http://www.eeye.com/~apps/modules/Forum/threads.asp?cat=t.0326.192953.399014&filter='90
    >
    >Microsoft VBScript runtime error '800a000d' Type mismatch: 'CLng'
    >/~apps/modules/Forum/threads.asp, line 13
    >
    >CLng is a Visual Basic function that converts a string to a subtype
    >Long.
    >The ' character within "'90" causes that conversion to fail and
    >therefore you get the above error from VB. There are no programs or
    >modules or anything failing. Just that single ASP script, that
    >someone specifically passes wrong arguments to, fails. However, that
    >affects nothing. The ' has nothing to do, in this case, with any SQL
    >injection etc...
    >
    >http://www.eeye.com/~apps/modules/Forum/threads.asp?
    >cat=t.0326.192953.399014&filter=90909090909090909090909090909909090
    >
    >Microsoft VBScript runtime error '800a0006' Overflow: 'CLng'
    >/~apps/modules/Forum/threads.asp, line 13
    >
    >This next one is not a buffer overflow or anything of that nature.
    >When the multiple 90's go through the CLng conversion the conversion
    >fails because the number sent is bigger than Long can store. Once
    >again, there is no exploit or vulnerability here. Nor does this
    >cause anything to crash on our server. Nor is there any SQL
    >injection problem here.
    >
    >Also there is no information leak. Well unless someone thinks that
    >getting the virtual path to threads.asp
    >(/apps/modules/Forum/threads.asp) is an information leak... In which
    >case maybe you should be educated on your web browser's powerful View
    >Source functionality which can give you the same information.
    >
    >Thank you for making my brain hurt on my day off, please drive
    >through.
    >
    >Signed,
    >Marc Maiffret
    >Chief Hacking Officer
    >eEye Digital Security
    >T.949.349.9062
    >F.949.349.9538
    >http://eEye.com/Retina - Network Security Scanner
    >http://eEye.com/Iris - Network Traffic Analyzer
    >http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
    >
    >| -----Original Message-----
    >| From: david evlis reign [mailto:davidreignat_private]
    >| Sent: Monday, February 18, 2002 2:36 AM
    >| To: vuln-devat_private; bugtraqat_private
    >| Subject: eeye.com insecurities
    >
    ><snip>
    >
    >thanks and goodnight.
    >davidr
    >
    
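    As an added example (not eEye's own threads.asp; the function and variable names are hypothetical), this classic ASP fragment shows the defender-side counterpart of both points in the thread: validate the `filter` parameter before it ever reaches CLng, so that neither the 800a000d (Type mismatch) nor the 800a0006 (Overflow) error can be raised, and answer bad input with a generic message so that no error text or script path goes back to the client.

```vbscript
<%
Option Explicit
' Added example, not eEye's code. Parse a numeric query-string parameter
' safely so that malformed input never reaches CLng and therefore never
' triggers 800a000d (Type mismatch) or 800a0006 (Overflow).

' Returns the Long value of a query-string parameter, or defaultVal when
' the parameter is absent or is not a plain decimal integer.
Function SafeLongParam(paramName, defaultVal)
    Dim raw, re
    raw = Trim(Request.QueryString(paramName))
    Set re = New RegExp
    ' At most nine digits always fits in a Long (max 2147483647), so CLng
    ' cannot overflow on a long run of 9s; the apostrophe in "'90" or any
    ' other non-digit is rejected before conversion is attempted.
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(raw) Then
        SafeLongParam = CLng(raw)
    Else
        SafeLongParam = defaultVal
    End If
End Function

Dim filterId
filterId = SafeLongParam("filter", 0)   ' 0 is the hypothetical "no filter" value
If filterId = 0 Then
    ' Generic response: no VBScript error text, no line number, no virtual path.
    Response.Status = "400 Bad Request"
    Response.Write "Invalid request."
    Response.End
End If
' ... filterId is now a validated Long and can be used for the forum lookup ...

' Server-wide counterpart of the checklist item above: in the IIS metabase,
' "Send text error message to client" corresponds to setting
' AspScriptErrorSentToBrowser to False, e.g.
'   cscript adsutil.vbs set W3SVC/AspScriptErrorSentToBrowser False
%>
```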



    This archive was generated by hypermail 2b30 : Mon Feb 18 2002 - 20:40:20 PST