|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Dan Richardson (dan.richardson
paradise.net.nz)Date: Sat Nov 17 2001 - 17:00:06 CST
I'm currently testing some ASP code on an e-commerce site. My question
is could this be used to execute a buffer overflow exploit?
The following URL:
http://www.asite.com/show/showsomething.asp?ID=5
Will retrieve a legitmate item from the database. By playing with the
number a bit-
http://www.asite.com/show/showsomething.asp?ID=32767
Will generate
ADODB.Field error '80020009'
Either BOF or EOF is True, or the current record has been deleted.
Requested operation requires a current record.
But if I bump that number up to 32768 (unsigned integer limit)-
Microsoft VBScript runtime error '800a0006'
Overflow: 'cint'
/show/showsomething.asp, line x
Thanks
Dan
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]