Page 2 - Access IIF security leak

ASP Free Forums Sponsor:

SlickEdit: Code in over 40 languages across 7 platforms. SlickEdit’s unmatched power, speed, and flexibility allows even the most accomplished developers to write better code faster. Download a free trial today!

#16

December 5th, 2006, 03:01 PM

Doug G

Grumpier Old Moderator

ASP Free God 11th Plane (10000 - 10499 posts)

Join Date: Sep 2003

Posts: 10,143

Time spent in forums: 3 Weeks 4 Days 18 h 51 m 25 sec
Reputation Power: 180

Quote:

Originally Posted by Shadow Wizard

I used it in ASP code, see my code in post #7 - execute it
yourself, using the database degsy gave.

You already did so I'll move on to something else

__________________
======
Doug G
======
I didn't attend the funeral, but I sent a nice letter saying I approved of it. --Mark Twain

#17

December 6th, 2006, 06:18 PM

Doug G

Grumpier Old Moderator

Join Date: Sep 2003

Posts: 10,143

Time spent in forums: 3 Weeks 4 Days 18 h 51 m 25 sec
Reputation Power: 180

To elaborate a bit more, nothing I can find in the Access documentation indicates that IIF is a supported Jet SQL statement, rather that it's a VBA function in access. Generally VBA functions in Access are not available to external ADO code, so my guess is still that the OLEDB provider or something else is performing the IIF, giving undesired results.

#18

December 7th, 2006, 03:37 AM

Shadow Wizard

Moderator From Beyond

Join Date: Sep 2004

Location: Israel

Posts: 26,642

Folding Points: 326366 Folding Title: Super Ultimate Folder - Level 1

Time spent in forums: 3 Months 1 Week 4 Days 16 h 33 sec
Reputation Power: 1471

just got very interesting results.
I have executed the code in post #7 on my local machine
and got no "extra" contents, it only truncated the string
after 255 characters.
I have changed the code back to this:

Code:

sql = "SELECT id, name, section1, " &_
	"IIF(section1_enabled, section1, 'Empty') as sect1 " &_ 
	"FROM pages WHERE name = '" & page & "'"

attached is the result as IIF_screenshot_2.GIF.

after this I created system DSN and changed the code to use
this DSN.. I got error:

Code:

Microsoft VBScript runtime (0x800A000D)
Type mismatch: 'Server.HTMLEncode'

to fix that, I changed this line:

Code:

	section1_HTML = Server.HTMLEncode(rs("section1"))

to this:

Code:

	section1_HTML = Server.HTMLEncode(section1)

and guess what? I could not replicate the problem of getting
"trash" contents. it always returned the first 255 characters
of whatever I gave it.

Attached Images

IIF_screenshot_2.GIF (10.0 KB, 218 views)

__________________

Visit The Windows Scripting Guru

Page 2 of 2

Viewing: ASP Free Forums > System Administration > Windows Security > Access IIF security leak

« Previous Thread | Next Thread »

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox

Forum Jump