Posts posted by edre1
I'm very new at using sqlmap and SQL in general, so I'm hoping you'll be able to offer some advice, please.
I have a vulnerable site where I can get the database names and table names, but I am unable to retrieve any entries. An internal 500 error crops up saying there is "[Macromedia][sqlServer JDBC Driver][sqlServer]Incorrect syntax near '('. ".
I'm thinking that it's because the payload is using a CASE WHEN statement but, from reading about it, ColdFusion doesn't allow them.
The payload is:
(SELECT CHAR(113)+CHAR(120)+CHAR(112)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (4281=4281) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(122)+CHAR(113)+CHAR(113)
Is there any way this can be turned into a statement that can be used with ColdFusion, such as using UNION SELECT or something? I don't yet know enough to be able to change it myself.
Thank you in advance
Sqlmap - Coldfusion Case When?
in Security
Thank you very much for your help! I will have a play around to see if closing the ( works the issues out.
Dan