Collaborate Disseminate
The VBScript’s RegExp object used in Classic ASP allows one to set a pattern then execute it. If a user provides the search string, is it exploitable for IDS08-J / CWE-625 (Permissive Regex)? Or does the RegExp object sanitize input to … Continue reading Is VBScript RegExp object exploitable with a code injection or does it escape special characters?
I’ve some experiences of working with PHP web applications vulnerable to SQL injection and exploiting this type of vulnerability successfully but never tried to do this on a ASP based web application. When we try to find out … Continue reading How to know if an ASP web page is vulnerable to SQL injection?
I’ve some experiences of working with PHP web applications vulnerable to SQL injection and exploiting this type of vulnerability successfully but never tried to do this on a ASP based web application. When we try to find out … Continue reading How to know if an ASP web page is vulnerable to SQL injection?
Looking at some old classic ASP sites which could do with a bit of tightening up. The SQL server database connection string has the password in clear text within an include file on the server. Obviously this is nasty as anyon… Continue reading Hiding database passwords for classic ASP connection strings
Looking at some old classic ASP sites which could do with a bit of tightening up. The SQL server database connection string has the password in clear text within an include file on the server. Obviously this is nasty as anyone with access … Continue reading Hiding database passwords for classic ASP connection strings
Using classic ASP, is this the right way to do to protect against XSS?
var1=untrusteduserinput
Showing a text in the body
<%=server.htmlencode(var1)%>
Showing a link in the body
<a href=”http://www.example.com… Continue reading Using classic ASP, is this the right way to do to protect against XSS?
Using classic ASP, is this the right way to do to protect against XSS?
var1=untrusteduserinput
Showing a text in the body
<%=server.htmlencode(var1)%>
Showing a link in the body
<a href=”http://www.example.com… Continue reading Using classic ASP, is this the right way to do to protect against XSS?
There’s a Classic ASP application at my job that is (I believe) highly vulnerable to SQL injection. I want to prove to management that this code isn’t secure, but all I’m able to do is insert “SQLINJ” log records in the datab… Continue reading How can this input-sanitizer function be defeated?
There’s a Classic ASP application at my job that is (I believe) highly vulnerable to SQL injection. I want to prove to management that this code isn’t secure, but all I’m able to do is insert “SQLINJ” log records in the datab… Continue reading How can this input-sanitizer function be defeated?
In the file structure of my site, I see some randomly generated files like ‘justinbieber.asp’, ‘justinbiebershoes.asp’,’guccishoes.asp’ etc. I tried deleting them but they are generated again. Can anybody tell me the cause of… Continue reading Random pages getting created on classic asp site