alireza hassani
2005-08-16 07:57:21 UTC
This is the KAPDA.ir advisory
(Powered by PersianHacker.NET)
Discussion
PersianBlog.com is the Weblog service for Persian
users.
Over 75 per cent of Persian-language content on the
Internet belonged to Persianblog, with 63,000
blogs.
Website: http://www.persianblog.com
---------------------------------------------------------------
Vulnerability
Several scripts do not properly validate user-supplied
input. A remote user can create specially crafted
parameter values that will execute SQL commands on the
underlying database.
---------------------------------------------------------------
Description
http://www.xxxxxxxblog.com/userslist.asp?page=2'&catid=1
Error
Microsoft VBScript runtime error '800a000d'
Type mismatch: 'Cint'
/userslist.asp, line 21
http://www.xxxxxxxblog.com/userslist.asp?page=255555&catid=
Error
Microsoft VBScript runtime error '800a0006'
Overflow: 'Cint'
/userslist.asp, line 213
CInt is a Visual Basic function. There is no program
or module or anything else failing. Just that single ASP
script, which someone deliberately passes wrong
arguments to, fails.
The next one is not a buffer overflow or anything
of that nature. When the multiple numbers go through
the CInt conversion, the conversion fails because the
number sent is bigger than Long can store. Once again,
there is no exploit or vulnerability here.
But playing with the catid parameter gives us something
new:
http://www.xxxxxxxblog.com/userslist.asp?page=2&catid=1600
Error
ADODB.Field error '800a0bcd'
Either BOF or EOF is True, or the current record has
been deleted. Requested operation requires a current
record.
/userslist.asp, line 221
http://www.xxxxxxxblog.com/userslist.asp?page=2&catid=16000&catid
Error
Microsoft OLE DB Provider for SQL Server error
'80040e14'
Line 1: Incorrect syntax near ','.
/userslist.asp, line 22
We are not going to discuss this issue in
detail any further, because
there is no vendor-supplied solution at the time
of this entry.
----------------------------------------------------------------
Impact
A remote user can execute SQL commands on the
underlying database.
Solution
Currently we are not aware of any vendor-supplied
patches for this issue.
----------------------------------------------------------------
This vulnerability has been found and released by
trueend
Kapda - Security Science Researchers Institute of Iran
http://www.KAPDA.ir
(PersianHacker.NET)
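
The four responses in the Description can be reproduced in a small model, added here as an example and not taken from the advisory or from the site's code. Python with sqlite3 stands in for the ASP script and SQL Server; the blogs table, its columns, the page size and the function names are assumptions. It shows why page fails inside the script while catid reaches the SQL parser (classic ASP joins a repeated key into one "16000, " string), next to a handler that validates both parameters and binds them.

```python
import sqlite3
from urllib.parse import parse_qs

def asp_value(qs, key):
    # Classic ASP joins repeated query-string keys with ", " ("16000, ").
    return ", ".join(parse_qs(qs, keep_blank_values=True).get(key, []))

def cint(text):
    # Rough model of VBScript CInt: 16-bit Integer, fails on non-numeric text.
    try:
        n = int(text)
    except ValueError:
        return None, "Type mismatch: 'CInt'"
    if not -32768 <= n <= 32767:
        return None, "Overflow: 'CInt'"
    return n, None

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE blogs (name TEXT, catid INTEGER)")
    db.executemany("INSERT INTO blogs VALUES (?, ?)", [("a", 1), ("b", 1), ("c", 2)])
    return db

def vulnerable(db, qs):
    page, err = cint(asp_value(qs, "page"))
    if err:
        return "script error: " + err          # conversion fails before any SQL runs
    sql = ("SELECT name FROM blogs WHERE catid = " + asp_value(qs, "catid") +
           " ORDER BY name LIMIT 1 OFFSET " + str(max(page - 1, 0)))
    try:
        rows = db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "database error: " + str(exc)   # raw text reached the SQL parser
    return [r[0] for r in rows] or "script error: no current record"

def hardened(db, qs):
    values, parsed = parse_qs(qs, keep_blank_values=True), {}
    for key in ("page", "catid"):
        got = values.get(key, [])
        # Exactly one value, 1 to 5 ASCII digits; anything else is rejected.
        if len(got) != 1 or not (got[0].isascii() and got[0].isdigit()) or len(got[0]) > 5:
            return "400 bad request"
        parsed[key] = int(got[0])
    rows = db.execute("SELECT name FROM blogs WHERE catid = ? ORDER BY name LIMIT 1 OFFSET ?",
                      (parsed["catid"], max(parsed["page"] - 1, 0)))
    return [r[0] for r in rows.fetchall()]     # no engine error text is echoed
```

A database-engine error in a response, as opposed to a script conversion error, is the signal that request text was concatenated into the statement.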