[LINK] The ACS, TIPI and ICT in Australia

Sat Aug 19 19:34:46 AEST 2006

link-bounces at anumail0.anu.edu.au <> wrote:
|| On Sat, 2006-08-19 at 19:06 +1000, Fred Pilcher wrote:
||| Jan wrote:
|||| At 01:05 PM 19/08/2006, Karl Auer wrote:
||||| and appears to contain the gist of the document:
||||| 
|||| 
||| http://www.acs.org.au/index.cfm?action=notice&temID=noticedetails&n
||||| otID=673O
|||| 
|||| cute:
|||| 
|||| Error Executing Database Query.
|||| [Macromedia][SQLServer JDBC Driver][SQLServer]Syntax error
|||| converting the varchar value '673O' to a column of data type int.
||| 
||| Combined with Karl's exposition, that has to be one of the most
||| powerful statements I've seen in a long time. I'd laugh if it
||| wasn't so tragic. 
|| 
|| Indeed - except that the "O" was my fault. I managed to
|| paste the URL in after the "O" of the quote intro ("On Saturday...").
|| 
|| This is the correct URL:
|| 
|| http://www.acs.org.au/index.cfm?action=notice&temID=noticedet
|| ails&notID=673 
|| 
|| I have advised Ms Bligh.
|| 
|| The bumph that this simple error elicits from the ACS
|| website is, however, a truly powerful statement, as you say! :-)

Also highlights the fact those who should know better compromise security at
levels far above the user level.  Generating error dumps is one of the classic
hacker information gathering exercises.

Darryl (Dassa) Lynch 