Penetration Testing mailing list archives
ASP code testing
From: "Dan Richardson" <dan.richardson () paradise net nz>
Date: Sun, 18 Nov 2001 12:00:06 +1300
I'm currently testing some ASP code on an e-commerce site. My question is could this be used to execute a buffer overflow exploit? The following URL: http://www.asite.com/show/showsomething.asp?ID=5 Will retrieve a legitmate item from the database. By playing with the number a bit- http://www.asite.com/show/showsomething.asp?ID=32767 Will generate ADODB.Field error '80020009' Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record. But if I bump that number up to 32768 (unsigned integer limit)- Microsoft VBScript runtime error '800a0006' Overflow: 'cint' /show/showsomething.asp, line x Thanks Dan ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- ASP code testing Dan Richardson (Nov 18)
- Re: ASP code testing Bojo (Nov 19)
- Re: ASP code testing Kevin Spett (Nov 19)
- RE: ASP code testing Omar Koudsi (Nov 19)
- <Possible follow-ups>
- Re: ASP code testing rudi carell (Nov 19)