ODBC Error Code = 37000 (Syntax error or access violation)
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 4: Incorrect syntax near '='.
Data Source = "ECommerceTheArchSupport2" SQL = "SELECT QuickJump_Items.ItemId FROM QuickJump_Items WHERE QuickJump_Items.ItemId <> 0 AND QuickJumpId ="
The error occurred while processing an element with a general identifier of (CFQUERY), occupying document position (1:1) to (1:42) in the template file K:\InetPub\clients\login\http\ailment.cfm
The specific sequence of files included or processed is:
K:\INETPUB\CLIENTS\LOGIN\HTTP\AILMENT.CFM This error message indicates that the target web application if running Microsoft SQL and discloses directory structures.
Can you suggest if directory indexing is desbled , how can i use that disclosed path "k:\intepub\...
ReplyDeleteHi Siddharth,
ReplyDeleteHaving known the internal software details, you may attempt default usernames/passwords or attempt SQL Injection queries that provide an SQL true statement (such as OR 1=1#).
Else the physical path may not be of much importance to you.