VBScript Runtime Error'800a0006'

From: whitehat (whitehaat@gmail.com)
Date: Fri Feb 29 2008 - 01:24:32 EST

• Next message: p1g: "Default Account scanning"
• Previous message: p1g: "Re: Pentesting tool - Commercial"
• Next in thread: HACK the PLANET: "Re: VBScript Runtime Error'800a0006'"
• Reply: HACK the PLANET: "Re: VBScript Runtime Error'800a0006'"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi List,

I'm doing Web Application PT for a website which is using IIS-4.0.
I tried giving some bigger number in the parameters of the URL, which
lead to the following error because of exceeding the upper limit of that
particular Datatype:

Microsoft VBScript runtime error '800a0006'
Overflow:'CLng'

/....... .asp, line29

In almost all the URLs I found this issue.
I'm preparing a report advisory for this.
So I'd like to know what are the security issues related to this error.
How an attacker could be able to exploit this flaw.

Thanks in advance

Cheers,

--WHITEHAT

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: p1g: "Default Account scanning"
• Previous message: p1g: "Re: Pentesting tool - Commercial"
• Next in thread: HACK the PLANET: "Re: VBScript Runtime Error'800a0006'"
• Reply: HACK the PLANET: "Re: VBScript Runtime Error'800a0006'"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:26 EDT