Hi, All the test was carried through in system with all patches applied, however, it is enough to request the URL: www.server.com/null.ida?= So that the server presents the error, being that only caracter = (equal) this happens! Any ideas? Marcos Ferreira marcosat_private RWXSecurity - Segurança na Internet http://www.rwxsecurity.com Brett Moore wrote: >Made me think of the .ida bof testing that went on during the code red >season. > > >On A patched system. >Results >Sending 1-199 bytes yields the error: >The IDQ file NULL.ida could not be found. >Nothing written to the event log. > >Sending 200-??? bytes we get: >File . >Error 0x80040e14 caught while processing query >Nothing written to the event log. > > >Were you testing patch/unpatched? > >Brett > >>-----Original Message----- >>From: H D Moore [mailto:sflistat_private] >>Sent: Thursday, 14 March 2002 17:31 >>To: RWXLabs; bugtraqat_private; vuln-devat_private; >>secureat_private >>Subject: Re: idq.dll problem?? >> >> >>On Wednesday 13 March 2002 06:13 pm, RWXLabs wrote: >> >>>Hello, >>> >>>In some tests carried through with servers IIS5, I found the following >>>problem. >>> >>>When requesting the URL: >>> >>>ww.server.com/null.ida?= >>> >>> >>>The server returned the following message: >>> >>>File . Error 0x80040e14 caught while processing query >>> >>Interesting. That error is normally thrown by the ODBC handler anytime an >>invalid/misformed query is made in an ASP script. The error message >>translates into "The command contained one or more errors". >> >>Check out this URL: >> >http://www.adopenstatic.com/faq/80040e14.asp > > >
This archive was generated by hypermail 2b30 : Thu Mar 14 2002 - 22:32:35 PST