From: Whyte, Jesse (Jesse.Whyte@us.gambro.com)
Date: Wed Jul 03 2002 - 18:28:18 EDT
I'm working on an application that appears to be vulnerable to SQL Injection
and uses an Informix database on the backend. By altering the value sent to
the application via Cold Fusion URL variables, I can get Informix-generated
error messages. Using the error messages, I progress through the typical
stages of a SQL Injection attack, getting Informix ODBC messages that help
steer the creation of a valid string for injection, then getting the column
numbers correct. However, I can't seem to get the data types correct, even
though I have table descriptions for the table that I attempting to select
from.
The URL is basically
http://app.default.com/default.cfm?var='UNION%20ALL%20SELECT%20username%2C%2
0usertype%20FROM%20sysusers
Where sysusers is the Informix system users table that should enumerate the
system users. I'm just trying to grab it as a proof-of-concept. I've
played with all different values in place of username and usertype for
columns, including numerics (1), single characters ("a"), strings
("aaaaaaaa"), and even the column names like they are above. I keep getting
these error messages:
[Informix][Informix ODBC Driver][Informix]Corresponding column types must be
compatible for each UNION statement.
I'm not very SQL proficient, and my SQL resources have been exhausted.
Anybody have any ideas at all? Even esoteric ones? Thanks...
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT