Vulnerability Development mailing list archives

eeye.com insecurities


From: "david evlis reign" <davidreign () hotmail com>
Date: Mon, 18 Feb 2002 07:36:21 +0000

food for thought:
who can you trust when the people who are *supposed* to be protecting you can't even secure their own site?

the details:
eeye.com is run on the (in)famous webserver IIS, and eeye is a purely Microsoft-orientated site.

the problem lies in its forums: some misplaced ' leads to an information leak and possibly an SQL injection problem.

as follows:
http://www.eeye.com/~apps/modules/Forum/threads.asp?cat=t.0326.192953.399014&filter='90

Microsoft VBScript runtime error '800a000d'
Type mismatch: 'CLng'
/~apps/modules/Forum/threads.asp, line 13

ohk we have sourced this out, next we find that a string of say hmm 30 chars, all integers crashes the app.

http://www.eeye.com/~apps/modules/Forum/threads.asp?cat=t.0326.192953.399014&filter=90909090909090909090909090909909090

Microsoft VBScript runtime error '800a0006'
Overflow: 'CLng'
/~apps/modules/Forum/threads.asp, line 13

one looks at this and *immediately* says "integer overflow"
interesting.

we can see there are some SQL calls in there somewhere, so therefore possible cmd execution.

also, one has to ask the question: are the blind leading the blind?
a small information leak could be *vital* in finding webroots etc...might have been handy to those crazy defacers in the day.
thanks and goodnight.
davidr
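The two errors above come from passing the raw `filter` query parameter to VBScript's CLng(), which only accepts values in the signed 32-bit Long range. The following is an added example, not code from the post or from eEye: a small Python model of that CLng behaviour (simplified: decimal strings only, no VBScript rounding of fractional input), the range check the ASP page should apply before converting, and a detector run over constructed IIS-style log lines (not real eEye logs) to flag requests that would have triggered those runtime errors.

```python
import re
from urllib.parse import parse_qs

# VBScript's Long is a signed 32-bit integer. CLng() raises
# "Overflow: 'CLng'" (800a0006) for values outside this range and
# "Type mismatch: 'CLng'" (800a000d) for non-numeric input.
VB_LONG_MIN, VB_LONG_MAX = -2_147_483_648, 2_147_483_647

def classify_filter(value):
    """Predict how an unvalidated CLng(filter) call would react to the
    given string: 'ok', 'type_mismatch' or 'overflow'. Simplified model:
    only plain decimal integers count as numeric."""
    if not re.fullmatch(r"[+-]?\d+", value.strip()):
        return "type_mismatch"
    if not VB_LONG_MIN <= int(value) <= VB_LONG_MAX:
        return "overflow"
    return "ok"

def safe_filter(value, default=0):
    """Hardened equivalent: validate and range-check the parameter
    before converting, fall back to a default instead of throwing."""
    return int(value) if classify_filter(value) == "ok" else default

# Constructed log sample (date time method cs-uri-stem cs-uri-query status);
# the two bad requests mirror the URLs shown in the post.
SAMPLE_LOG = """\
2002-02-18 07:30:01 GET /~apps/modules/Forum/threads.asp cat=t.0326.192953.399014&filter=90 200
2002-02-18 07:31:12 GET /~apps/modules/Forum/threads.asp cat=t.0326.192953.399014&filter='90 500
2002-02-18 07:32:45 GET /~apps/modules/Forum/threads.asp cat=t.0326.192953.399014&filter=90909090909090909090909090909909090 500
2002-02-18 07:33:09 GET /~apps/modules/Forum/index.asp - 200
"""

def flag_requests(log_text):
    """Return (filter_value, verdict) for every threads.asp hit whose
    filter parameter would make CLng() throw; useful for spotting probing
    of this endpoint in web server logs."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5 or not parts[3].endswith("threads.asp"):
            continue
        params = parse_qs(parts[4], keep_blank_values=True)
        for value in params.get("filter", []):
            verdict = classify_filter(value)
            if verdict != "ok":
                hits.append((value, verdict))
    return hits
```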
