IIS 6.0 Server and Unicode Characters
Posted
by Srikanth
on Stack Overflow
See other posts from Stack Overflow
or by Srikanth
Published on 2010-05-27T11:53:46Z
Indexed on
2010/05/27
14:01 UTC
Read the original article
Hit count: 160
We are performing a pen test on a simple asp application that uses MS SQL Database. It seems for the authentication they are using dynamic constructed queries but escaping single qoutes. When we use Unicode quotes like %uFFO7,%u02b9 etc we are able to successfully inject SQL injections. Want to understand is it more a kind of configuration issue of IIS server to cannonicalize Unicode characters or the way the validation function to escape single quotes is written is the cause of the problem?
© Stack Overflow or respective owner