Jump to content

Sqlmap - Coldfusion Case When ?


Recommended Posts

I'm very new at using SqlMap and Sql in general, so I'm hoping you'll be able to offer some advice please.

I have a vulnerable site where I can get the database names and table names, but I am unable to retrieve any entries. An internal 500 error crops up saying there is "[Macromedia][sqlServer JDBC Driver][sqlServer]Incorrect syntax near '('. ".

I'm thinking that it's because the payload is using a CASE WHEN statement but reading about it ColdFusion doesn't allow them.

The payload is:

(SELECT CHAR(113)+CHAR(120)+CHAR(112)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (4281=4281) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(122)+CHAR(113)+CHAR(113)

Is there any way this can be turned into a statement that can be used with ColdFusion? - Such as using UNION SELECT or something? - I don't yet know enough to be able to change it myself.

Thank you in advance

Link to comment
Share on other sites

I think some identation can clarify some of the problem:


SELECT CHAR(113)+CHAR(120)+CHAR(112)+CHAR(122)+CHAR(113)+(





As you can see, there's an unclosed ( in there.

Indeed, the CASE is something I've never EVER before seen in SQL like this. In PSQL, sure, but as part of your SQL statement?

Without the subselects and other stuff you do to try and obfuscate what's going on, here's what that reads:

( 'qxpzq1qjzqq'

I have no idea what the value of this might be in the context of your attack, but hopefully you do.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...