Hi, I was trying SQL Injection things and I ran into the
following problem:
http://www.targethost.com/test.asp?pm=')
And I get the following results:
Microsoft VBScript runtime error '800a000d'
Type mismatch: '[string: "'"]'
D:\WEBROOT\..\..\include\ConstantesDNAfs.inc,
line 53
Ok. Besides the Path Disclosure problem, I'm trying
to build a SQL Query but it seems the server won't
let me pass quotes ( ' ) to it.
If instead of sending ') as a parameter I just put a ', it
brings me back to the start page.
Is there any way to bypass this type mismatch
thing?, I could make sql queries work with other .asp
but not this one..
Alex S. Harasic
[EMAIL PROTECTED]
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
