Penetration Testing mailing list archives
SQL Injection
From: Alex Harasic <aharasic () terra cl>
Date: 20 Feb 2002 15:54:16 -0000
Hi,

I was trying SQL Injection things and I ran into the following problem:

http://www.targethost.com/test.asp?pm=')

And I get the following results:

Microsoft VBScript runtime error '800a000d'
Type mismatch: '[string: "'"]'
D:\WEBROOT\..\..\include\ConstantesDNAfs.inc, line 53

OK. Besides the Path Disclosure problem, I'm trying to build a SQL query, but it seems the server won't let me pass quotes ( ' ) to it. If instead of sending ') as a parameter I just put a ', it brings me back to the start page.

Is there any way to bypass this type mismatch thing? I could make SQL queries work with other .asp but not this one.

Alex S. Harasic
aharasic () terra cl