Dailydave mailing list archives
Does .aspx Protect Against Sql Injection? Not all field right? Any way to bypass it? Cookie SQL Injections?
From: Danett song <danett18 () yahoo com br>
Date: Tue, 30 Jan 2007 23:33:49 -0300 (ART)
Hi guys,

Is there any new protection mechanism configured by default in the .NET framework (or maybe IIS6) which makes .aspx files not vulnerable to SQL injection? If yes, is there any document that shows what it protects against? Is anyone aware of evasion methods to bypass it (a document link is welcome)?

Also, I think it doesn't check/filter session values. I made a test setting the "Cookie" value with some chars like a quote (as used in SQL injection tests via URL) and I got this error from the application (showing the server is using a SQL Server):

invalid character value for cast specification

I have never tried to exploit a SQL injection in cookie values and had never seen this error before (which appears to be a cast conversion error)... any tip for me? Any document (link)?

Thank you a lot,
Regards
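Cookie values are client-controlled request input, the same as query-string or form fields. The following is an added example, not code from the original post or from the application it tested: a cookie-driven lookup in ASP.NET built by string concatenation, beside the typed, parameterized form. The cookie name, table and column names are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;

public static class OrderLookup
{
    // Hypothetical cookie name; the table and columns below are also assumptions.
    const string CookieName = "CustomerId";

    // Weak form: the cookie text becomes part of the SQL statement itself,
    // so a quote or other SQL syntax in the cookie changes the statement.
    public static SqlCommand BuildConcatenated(HttpRequest request, SqlConnection conn)
    {
        HttpCookie cookie = request.Cookies[CookieName];
        string raw = cookie == null ? "" : cookie.Value;
        return new SqlCommand(
            "SELECT OrderId, Total FROM Orders WHERE CustomerId = " + raw, conn);
    }

    // Hardened form: the cookie is parsed to the expected type first, then
    // bound as a typed parameter. The SQL text is constant, and a value that
    // is not an integer never reaches the database.
    public static SqlCommand BuildParameterized(HttpRequest request, SqlConnection conn)
    {
        HttpCookie cookie = request.Cookies[CookieName];
        int customerId;
        if (cookie == null || !int.TryParse(cookie.Value, out customerId))
        {
            // Caller should reject the request with a generic error page
            // instead of letting a database or driver error reach the client.
            return null;
        }

        SqlCommand cmd = new SqlCommand(
            "SELECT OrderId, Total FROM Orders WHERE CustomerId = @customerId", conn);
        cmd.Parameters.Add("@customerId", SqlDbType.Int).Value = customerId;
        return cmd;
    }
}
```

Returning a generic error in the rejected case also avoids disclosing the database back end through driver messages.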