Audigy
New member
hey
this is kind of for a pet personal project of mine, but basically i'd like to prove to someone that allowing characters like < and > in their search strings is a bad idea.
the site runs some unknown version of IIS and the pages are coded mostly in vb 7.0/.net something.
after submitting a search string, it's returned and displayed... and i've gotten html and vbscript to parse.
Are there any fun things I could submit it the search string to affect the remote server? it's running IIS with no custom error pages yet, so yay, server info:
Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032
thanks for any help
-- http://www.oddigy.com beadsprites and PSFs, oh my!
this is kind of for a pet personal project of mine, but basically i'd like to prove to someone that allowing characters like < and > in their search strings is a bad idea.
the site runs some unknown version of IIS and the pages are coded mostly in vb 7.0/.net something.
after submitting a search string, it's returned and displayed... and i've gotten html and vbscript to parse.
Are there any fun things I could submit it the search string to affect the remote server? it's running IIS with no custom error pages yet, so yay, server info:
Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032
thanks for any help
-- http://www.oddigy.com beadsprites and PSFs, oh my!