From: Dave Aitel (dave_at_immunitysec.com)
Date: Tue Jan 28 2003 - 10:17:07 CST


    It was stupid of me to use GET for that in the first place. Lemme know if
    you have any other problems. :>

    In other news CANVAS is getting an automatic SQL Injection module, but
    I'm having some real issues where my SQL Server is actually letting me
    compare ints to strings (as if they were pointers or something). Has
    anyone seen this before?

    -dave

    On 28 Jan 2003 15:16:10 +0000
    Dan Cuthbert <danidsec.com> wrote:

    > Need I say more?
    >
    >
    > Log: [Tue Jan 28 15:06:25 2003] : Possible injection vuln with
    > """"""""""""""""""""""""""""""""
    > Log: [Tue Jan 28 15:06:21 2003] : Possible injection vuln with
    > %n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n
    > Log: [Tue Jan 28 15:05:42 2003] : Possible injection vuln with 1
    > Log: [Tue Jan 28 15:05:40 2003] : dt
    > Log: [Tue Jan 28 15:05:40 2003] : Delving test into:
    > /X.X.X.X_443_1/NASApp/registration/attemptLogin.do/POST895039726756HT
    > TPA1.1302_X.X.X.X Log: [Tue Jan 28 15:05:40 2003] : Starting overflow
    > fuzz on/X.X.X.X_443_1/NASApp/registration/attemptLogin.do
    > Log: [Tue Jan 28 15:03:50 2003] : SPIKE UI version 1.4.7 Started
    >
    >
    > tested the new support for restricted pages and hosts and this works
    > great (for me at least)
    >
    >
    > cheers Dave :)
    >
    > dan
    >
    >
    > On Tue, 2003-01-28 at 14:39, Dave Aitel wrote:
    > > Let me know if http://www.immunitysec.com/downloads/SP147.tgz works
    > > for you guys...
    > >
    > > -dave
    > >
    > > _______________________________________________
    > > Spike mailing list
    > > Spikeimmunitysec.com
    > > http://www.immunitysec.com/mailman/listinfo/spike
    >
    >
