<<< Date Index >>>     <<< Thread Index >>>

Re: Re: [Aria-Security Team] uGestBook SQL Injection Vuln



well actually there no injection sql in the var :
-page
-block

it's just an error for type mismatch ... 
( Microsoft VBScript runtime  error '800a000d'
Type mismatch: '[string: "query_blabla"]'  

i think those guys ( aria ) doesn't understand the difference between an error 
sql and a injection sql... 
wich i found funny for a security team ;P