 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 102
 Members: 0
 Total: 102
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
clng result injection |
|
 Posted: Sun Jul 04, 2010 11:02 pm |
 |
|
| neel |
| Beginner |
 |
|
| Joined: Jul 05, 2010 |
| Posts: 4 |
|
|
|
 |
|
 |
|
Hello world! , whaz up?I just wanted to ask about a sql error i am getting ..which is this ->
Microsoft VBScript runtime error '800a000d'
Type mismatch: 'CLng' ,
you see i looked everywhere but i couldn't find any help!Anyone , who can help me , give me info / links / ... !
thx! |
|
|
|
|
| Posted: Tue Jul 06, 2010 2:06 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
VBScript function "CLng" is similar to intval or floatval in php:
http://www.virtualsplat.com/tips/asp-function-clng.asp
It tries to convert input string to numeric value.
Php-s floatval() will not give error messages in case of bad input,
but ASP/VBScript CLng() is more sensitive and just fails if you try to feed in non-numeric data.
So there is no sql injection, only possible path disclosure. |
|
|
|
|
| Posted: Tue Jul 06, 2010 5:08 pm |
|
|
| neel |
| Beginner |
|
|
| Joined: Jul 05, 2010 |
| Posts: 4 |
|
|
|
|
|
|
|
| Thx!, a lot about your answer.You really , released my mind ; ) |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
