RE: eeye.com insecurities

["M. Burnett" <mb () xato net>]

Although I doubt many people really care about the location of
virtual directories at eeye.com and these reported vulnerabilities
are just lame, there is one good practice everyone should add to
their security checklist:  Change "Send detailed ASP error messages
to client" to "Send text error message to client"

Mark Burnett
www.xato.net



On Mon, 18 Feb 2002 14:31:26 -0800, Marc Maiffret wrote:
> The information posted about the forums on eeye.com is false.
>
> Lets examine....
>
>
> http://www.eeye.com/~apps/modules/Forum/threads.asp?cat=t.0326.192953

> .39 9014&filter='90
>
> Microsoft VBScript runtime error '800a000d' Type mismatch: 'CLng'
> /~apps/modules/Forum/threads.asp, line 13
>
> CLng is a Visual Basic function that converts a string to a subtype
> Long.
> The ' character within "'90" causes that conversion to fail and
> therefore you get the above error from VB. There is no programs or
> modules or anything failing. Just that single ASP script, that
> someone specifically passes wrong arguments to, fails. However, that
> affects nothing. The ' has nothing to do, in this case, with any SQL
> injection etc...
>
> http://www.eeye.com/~apps/modules/Forum/threads.asp?
> cat=t.0326.192953.399014&filter=90909090909090909090909090909909090
>
> Microsoft VBScript runtime error '800a0006' Overflow: 'CLng'
> /~apps/modules/Forum/threads.asp, line 13
>
> This next one is not a buffer overflow or anything of that nature.
> When the multiple 90's go through the CLng conversion the conversion
> fails because the number sent is bigger than Long can store. Once
> again, there is no exploit or vulnerability here. Nor does this
> cause anything to crash on our server. Nor is there any SQL
> injection problem here.
>
> Also there is no information leak. Well unless someone thinks that
> getting the virtual path to threads.asp
> (/apps/modules/Forum/threads.asp) is an information leak... In which
> case maybe you should be educated on your web browsers powerful View
> Source functionality which can give you the same information.
>
> Thank you for making my brain hurt on my day off, please drive
> through.
>
> Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security
> T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network
> Security Scanner http://eEye.com/Iris - Network Traffic Analyzer
> http://eEye.com/SecureIIS - Stop known and unknown IIS
> vulnerabilities
>
> | -----Original Message-----
> | From: david evlis reign [mailto:davidreign () hotmail com]
> | Sent: Monday, February 18, 2002 2:36 AM | To: vuln
> -dev () securityfocus com; bugtraq () securityfocus com | Subject:
> eeye.com insecurities <snip> thanks and goodnight.
> davidr
>
>
> _________________________________________________________________
> Send and receive Hotmail on your mobile device:
> http://mobile.msn.com