Penetration Testing mailing list archives

CFM SQL injection
From: "Charlie Liserne" <Chili () SexMagnet com>
Date: Sat, 15 Dec 2001 23:22:14 +0100

Hello guys,

I'm performing a pen-test against a web site with ColdFusion installed. I obtain
some error information, but I'm not able to do anything because the server
never understands the parameters I send.

The correct page is as follows:
http://www.server.com/page.cfm?page_id=8

My probes are as follows:

-------------------
Request: http://www.server.com/page.cfm?page_id=8' 

Result:
Invalid parameter type
Cannot convert 19' to number.
Please, check the ColdFusion manual for the allowed conversions between
data types
The error occurred while processing an element with a general identifier of
(CFPARAM), occupying document position (5:1) to (5:61).
Template: c:\blabla\page.cfm
Query String: page_id=19'
------------------------

So it isn't interpreting the ' and I don't know how to execute commands. It
seems that it is not an SQL issue; instead it looks like a ColdFusion error.
Another probe follows:

--------------------
Request: http://www.server.com/page.cfm?page_id=0

Result:
ODBC Error Code = 37000 (Syntax error or access violation)
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 3: Incorrect syntax
near '='.
The error occurred while processing an element with a general identifier of
(CFQUERY), occupying document position (15:1) to (16:65).
------------------

Okay, I get an error from the SQL database. But I still don't know how to
take advantage of it. I don't know the database name and I have very little
info about it.

Also, there are two more interesting probes:
---------------------------
Request: http://www.server.com/page.cfm?page_id=3,

Result:
Invalid parameter type
Cannot convert 3, to number.
Please, check the ColdFusion manual for the allowed conversions between
data types
The error occurred while processing an element with a general identifier of
(CFPARAM), occupying document position (5:1) to (5:61).
----------------------------
Request: http://www.server.com/page.cfm?page_id=3,4

Result:
ODBC Error Code = 37000 (Syntax error or access violation)
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 3: Incorrect syntax
near ','.
The error occurred while processing an element with a general identifier of
(CFQUERY), occupying document position (6:1) to (6:72).
-------------------------------

Do you know how to exploit this (if it's possible)?

Regards,
Charlie.
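
For anyone reviewing an application that returns pages like these, the responses can be sorted by the layer that raised the error. The following is an added example, not part of the original post: it parses the four error pages quoted above (embedded as constructed samples) and reports which inputs were stopped by the CFPARAM type check and which were passed on to the CFQUERY. The function names are illustrative.

```python
import re

# Constructed samples: the four error pages quoted in the post, keyed by the
# page_id value requested and trimmed to the lines the parser reads.
_TAIL = ("The error occurred while processing an element with a general identifier of\n"
         "({tag}), occupying document position {pos}.")
_ODBC = ("ODBC Error Code = 37000 (Syntax error or access violation)\n"
         "[Microsoft][ODBC SQL Server Driver][SQL Server]Line 3: Incorrect syntax\n"
         "near '{tok}'.\n")
SAMPLES = {
    "8'": "Invalid parameter type\nCannot convert 19' to number.\n"
          + _TAIL.format(tag="CFPARAM", pos="(5:1) to (5:61)"),
    "0": _ODBC.format(tok="=") + _TAIL.format(tag="CFQUERY", pos="(15:1) to (16:65)"),
    "3,": "Invalid parameter type\nCannot convert 3, to number.\n"
          + _TAIL.format(tag="CFPARAM", pos="(5:1) to (5:61)"),
    "3,4": _ODBC.format(tok=",") + _TAIL.format(tag="CFQUERY", pos="(6:1) to (6:72)"),
}

TAG_RE = re.compile(r"general identifier of\s+\((\w+)\),\s+occupying document position"
                    r"\s+\((\d+):(\d+)\)\s+to\s+\((\d+):(\d+)\)")
ODBC_RE = re.compile(r"ODBC Error Code = (\w+)")
NEAR_RE = re.compile(r"Incorrect syntax\s+near '([^']*)'")
CONVERT_RE = re.compile(r"Cannot convert (.+?) to number\.")

def parse_cf_error(body):
    """Extract the failing tag, its template position and the layer that raised the error."""
    tag, odbc = TAG_RE.search(body), ODBC_RE.search(body)
    near, conv = NEAR_RE.search(body), CONVERT_RE.search(body)
    name = tag.group(1) if tag else None
    if name == "CFQUERY" and odbc:
        layer = "database"      # value passed the type check and reached the SQL statement
    elif name == "CFPARAM":
        layer = "validation"    # value rejected before any query ran
    else:
        layer = "unknown"
    return {
        "tag": name, "layer": layer,
        "start": (int(tag.group(2)), int(tag.group(3))) if tag else None,
        "end": (int(tag.group(4)), int(tag.group(5))) if tag else None,
        "odbc_code": odbc.group(1) if odbc else None,
        "near": near.group(1) if near else None,
        "rejected_value": conv.group(1) if conv else None,
    }

def reached_database(samples):
    """Return the requested values whose error came from the database driver."""
    return [v for v, body in samples.items() if parse_cf_error(body)["layer"] == "database"]

if __name__ == "__main__":
    for value, body in SAMPLES.items():
        print(repr(value), parse_cf_error(body))
```

Values listed by `reached_database` got past the CFPARAM type check and were sent to SQL Server; the usual fixes are binding the value with `cfqueryparam` and turning off detailed error pages.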



