Bugtraq mailing list archives

Re: Re: [Aria-Security Team] uGestBook SQL Injection Vuln

From: saps.audit () gmail com
Date: 5 Dec 2006 21:29:44 -0000

well actually there no injection sql in the var :
-page
-block

it's just an error for type mismatch ... 
( Microsoft VBScript runtime  error '800a000d'
Type mismatch: '[string: "query_blabla"]'  

i think those guys ( aria ) doesn't understand the difference between an error sql and a injection sql... 
wich i found funny for a security team ;P

Current thread:

[Aria-Security Team] uGestBook SQL Injection Vuln Advisory (Dec 04)
- <Possible follow-ups>
- Re: [Aria-Security Team] uGestBook SQL Injection Vuln Stuart Moore (Dec 05)
- Re: Re: [Aria-Security Team] uGestBook SQL Injection Vuln saps . audit (Dec 05)