Penetration Testing mailing list archives

SQL Injection


From: Alex Harasic <aharasic () terra cl>
Date: 20 Feb 2002 15:54:16 -0000




Hi, I was trying SQL Injection things and I ran into the 
following problem:

http://www.targethost.com/test.asp?pm=')

And I get the following results:

Microsoft VBScript runtime error '800a000d' 

Type mismatch: '[string: "'"]' 

D:\WEBROOT\..\..\include\ConstantesDNAfs.inc, line 53



Ok. Besides the Path Disclosure problem, I'm trying 
to build a SQL Query but it seems the server won't 
let me pass quotes ( ' ) to it.

If instead of sending ') as a parameter I just put a ', it 
brings me back to the start page.

Is there any way to bypass this type mismatch 
thing? I could make SQL queries work with other .asp 
but not this one.


Alex S. Harasic
aharasic () terra cl

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

