IIS 6.0 Server and Unicode Characters

Posted by Srikanth on Stack Overflow See other posts from Stack Overflow or by Srikanth
Published on 2010-05-27T11:53:46Z Indexed on 2010/05/27 14:01 UTC
Read the original article Hit count: 160

Filed under:
|
|
|

We are performing a pen test on a simple asp application that uses MS SQL Database. It seems for the authentication they are using dynamic constructed queries but escaping single qoutes. When we use Unicode quotes like %uFFO7,%u02b9 etc we are able to successfully inject SQL injections. Want to understand is it more a kind of configuration issue of IIS server to cannonicalize Unicode characters or the way the validation function to escape single quotes is written is the cause of the problem?

© Stack Overflow or respective owner

Related posts about sql

Related posts about iis