|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 89
Members: 0
Total: 89
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Is it possible to exploit? |
|
Posted: Fri Jun 19, 2009 11:33 pm |
|
|
delta |
Advanced user |
|
|
Joined: Jan 11, 2009 |
Posts: 60 |
|
|
|
|
|
|
|
Is it possible to exploit these kind of errors?
Quote: | Server Error in '/hmr' Application.
Input string was not in a correct format.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.FormatException: Input string was not in a correct format.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[FormatException: Input string was not in a correct format.]
System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info) +0
System.Convert.ToInt32(String value) +30
HMR.DetalhesProdutoAudio.Page_Load(Object sender, EventArgs e) in C:\Inetpub\wwwroot\HMR\DetalhesProdutoAudio.aspx.cs:51
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +750
Version Information: Microsoft .NET Framework Version:1.1.4322.2407; ASP.NET Version:1.1.4322.2407 |
|
|
|
|
|
|
|
Re: Is it possible to exploit? |
|
Posted: Sat Jun 20, 2009 6:33 pm |
|
|
julioisaias |
Valuable expert |
|
|
Joined: Jan 25, 2008 |
Posts: 50 |
|
|
|
|
|
|
|
delta wrote: | Microsoft .NET Framework Version:1.1.4322.2407 |
Try inject NULL Bytes for information disclosure.
This bug is treated in securiteam
For more information: MS07-040 |
|
_________________ I study enough to make the rest a result. |
|
|
|
Posted: Sat Jun 20, 2009 6:50 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Code: |
[FormatException: Input string was not in a correct format.]
System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info) +0
System.Convert.ToInt32(String value) +30
|
Seems like input data sanitization, similar to php "intval()", so I don't believe that it's exploitable. |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|