I'm working on an application that appears to be vulnerable to SQL Injection and uses an Informix database on the backend. By altering the value sent to the application via Cold Fusion URL variables, I can get Informix-generated error messages. Using the error messages, I progress through the typical stages of a SQL Injection attack, getting Informix ODBC messages that help steer the creation of a valid string for injection, then getting the column numbers correct. However, I can't seem to get the data types correct, even though I have table descriptions for the table that I attempting to select from. The URL is basically http://app.default.com/default.cfm?var='UNION%20ALL%20SELECT%20username%2C%2 0usertype%20FROM%20sysusers Where sysusers is the Informix system users table that should enumerate the system users. I'm just trying to grab it as a proof-of-concept. I've played with all different values in place of username and usertype for columns, including numerics (1), single characters ("a"), strings ("aaaaaaaa"), and even the column names like they are above. I keep getting these error messages: [Informix][Informix ODBC Driver][Informix]Corresponding column types must be compatible for each UNION statement. I'm not very SQL proficient, and my SQL resources have been exhausted. Anybody have any ideas at all? Even esoteric ones? Thanks... ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Jul 03 2002 - 20:03:51 PDT