Hosting Provided By

Re: Cold Fusion and Sql Injection

From: Cesar <cesarc56(at)yahoo.com>
Date: Sat Jun 21 2003 - 13:24:01 EDT

It seems that the web application is using stored procedures, the problem you have is because the parameter you are playing with is an integer parameter, then when the web application calls the stored procedure with a non integer value you get that error.

Cesar.

George Fekkas <G.Fekkas@encode-sec.com> wrote:
>
>
>

> Any views expressed in this message are those of the

> > I am performing a web application penetration test

> Latest attack techniques.

Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com

Latest attack techniques.

You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group.

Visit us at: www.coresecurity.com/promos/sf_ept1 or call 617-399-6980

Received on Mon Jun 23 17:03:12 2003

This message: [ Message body ]
Next message: wing.hon.loke(at)sg.pwc.com: "Re: WebService pentest tool on"
Previous message: Javier Fernandez-Sanguino: "Re: Cold Fusion and Sql Injection"
In reply to: George Fekkas: "Cold Fusion and Sql Injection"
In reply to morning_wood: "Re: Cold Fusion and Sql Injection"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:38 EDT