edre1 Posted February 13, 2016 Share Posted February 13, 2016 I'm very new at using SqlMap and Sql in general, so I'm hoping you'll be able to offer some advice please. I have a vulnerable site where I can get the database names and table names, but I am unable to retrieve any entries. An internal 500 error crops up saying there is "[Macromedia][sqlServer JDBC Driver][sqlServer]Incorrect syntax near '('. ". I'm thinking that it's because the payload is using a CASE WHEN statement but reading about it ColdFusion doesn't allow them. The payload is: (SELECT CHAR(113)+CHAR(120)+CHAR(112)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (4281=4281) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(122)+CHAR(113)+CHAR(113) Is there any way this can be turned into a statement that can be used with ColdFusion? - Such as using UNION SELECT or something? - I don't yet know enough to be able to change it myself. Thank you in advance Quote Link to comment Share on other sites More sharing options...
cooper Posted February 15, 2016 Share Posted February 15, 2016 I think some identation can clarify some of the problem: ( SELECT CHAR(113)+CHAR(120)+CHAR(112)+CHAR(122)+CHAR(113)+( SELECT ( CASE WHEN (4281=4281) THEN CHAR(49) ELSE CHAR(48) END ) )+CHAR(113)+CHAR(106)+CHAR(122)+CHAR(113)+CHAR(113) As you can see, there's an unclosed ( in there. Indeed, the CASE is something I've never EVER before seen in SQL like this. In PSQL, sure, but as part of your SQL statement? Without the subselects and other stuff you do to try and obfuscate what's going on, here's what that reads: ( 'qxpzq1qjzqq' I have no idea what the value of this might be in the context of your attack, but hopefully you do. Quote Link to comment Share on other sites More sharing options...
edre1 Posted February 15, 2016 Author Share Posted February 15, 2016 Thank you very much for your help! I will have a play around to see if closing the ( works the issues out. Dan Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.