Vulnerability Development mailing list archives

Re: VisualBasic auditing

From: Cesar <cesarc56 () yahoo com>
Date: Tue, 18 Feb 2003 12:12:02 -0800 (PST)

You can exploit SQL injection in Visual Basic
applications. Also some applications have
authentication (users and passwords) information built
in the code, so you can look at the .exe using strings
(from sysinternals), hex editors, etc.

Cesar.
--- Some d00d <shavidi () yahoo com> wrote:





Hi folks




I am auditing some network application and a 
significant number of them are written in MS Visual 
Basic. Have anyone done some work on exploiting VB 
software before? I assume that traditional methods
such 
as buffer overflows will not work here.




Are there any tools around for this (such as VB 
disassemblers and de-scramblers)?


Can you point me to any sources of information?




Thanks in advance, SD



__________________________________________________
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day
http://shopping.yahoo.com

Current thread:

VisualBasic auditing Some d00d (Feb 18)
- RE: VisualBasic auditing Rob Shein (Feb 18)
- Re: VisualBasic auditing Cesar (Feb 18)
  - Re: VisualBasic auditing2 gr00vy (Feb 20)
- Re: VisualBasic auditing Voguemaster (Feb 20)
- Re: VisualBasic auditing Arjun Pednekar (Feb 20)
- <Possible follow-ups>
- RE: VisualBasic auditing Kayne Ian (Softlab) (Feb 20)