[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: [Aria-Security Team] uGestBook SQL Injection Vuln

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: [Aria-Security Team] uGestBook SQL Injection Vuln
From: saps.audit@xxxxxxxxx
Date: 5 Dec 2006 21:29:44 -0000

well actually there no injection sql in the var :
-page
-block

it's just an error for type mismatch ... 
( Microsoft VBScript runtime  error '800a000d'
Type mismatch: '[string: "query_blabla"]'  

i think those guys ( aria ) doesn't understand the difference between an error 
sql and a injection sql... 
wich i found funny for a security team ;P

Prev by Date: Re: Symantec LiveState Agent for Windows vulnerabi
Next by Date: Re: Symantec LiveState Agent for Windows vulnerabi
Previous by thread: Re: [Aria-Security Team] uGestBook SQL Injection Vuln
Next by thread: [SECURITY] [DSA 1227-1] New Mozilla Thunderbird packages fix several vulnerabilities
Index(es):
- Date
- Thread