[VIM] vendor dispute: 22066: SpireMedia CMS index.cfm cid Variable SQL Injection (fwd)

Steven M. Christey coley at linus.mitre.org
Wed Jan 18 00:14:40 EST 2006 

*sigh*

REALLY now?

Since they TOLD us to give them proof:

  http://www.spiremedia.com/spiremedia2k5/index.cfm?cid='


Did anybody *else* receive the following output????


=========================================================


Invalid data ' for CFSQLTYPE CF_SQL_INTEGER.


The error occurred in /u05/dev_projects_2002/com/spiremedia/2k5/page.cfc:
line 51

49 : 				<cfprocparam type = "in" CFSQLType =
"CF_SQL_INTEGER" dbVarName = "@cid" value = "#this.cid#">
50 : 				<cfprocparam type = "in" CFSQLType =
"CF_SQL_TINYINT" dbVarName = "@siteid" value = "#arguments.siteid#">
51 : 				<cfprocresult name = "qryPage">
52 : 			</cfstoredproc>
53 :


--------------------------------------------------------------------------------


Please try the following:
Check the ColdFusion documentation to verify that you are using the
correct syntax.
Search the Knowledge Base to find a solution to your problem.


Browser   Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.0.3705)
Remote Address   192.160.51.70
Referrer
Date/Time   17-Jan-06 09:59 PM

Stack Trace (click to expand)
at
cfpage2ecfc4992745$funcLOAD.runFunction(/u05/dev_projects_2002/com/spiremedia/2k5/page.cfc:51)
at
cfApplication2ecfc1299132579$funcONREQUESTSTART.runFunction(/u05/dev_projects_2002/spiremedia2k5/Application.cfc:167)


coldfusion.sql.Parameter$DataTypeMismatchException: Invalid data &apos;
for CFSQLTYPE CF_SQL_INTEGER.
	at coldfusion.sql.Parameter.getMappingValue(Parameter.java:86)
	at coldfusion.sql.Parameter.getMappingValues(Parameter.java:38)
	at coldfusion.sql.InParameter.setStatement(InParameter.java:33)
	at
coldfusion.sql.ParameterList.setStatement(ParameterList.java:107)
	at coldfusion.sql.Executive.executeCall(Executive.java:561)
	at coldfusion.sql.Executive.executeCall(Executive.java:517)
	at coldfusion.sql.Executive.executeCall(Executive.java:477)
	at coldfusion.sql.SqlImpl.executeCall(SqlImpl.java:320)
	at
coldfusion.tagext.sql.StoredProcTag.doEndTag(StoredProcTag.java:193)
	at
cfpage2ecfc4992745$funcLOAD.runFunction(/u05/dev_projects_2002/com/spiremedia/2k5/page.cfc:51)
	at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:348)
	at
coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:258)
	at
coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:56)
	at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:211)
	at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:173)
	at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:192)
	at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:145)
	at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:1627)
	at
cfApplication2ecfc1299132579$funcONREQUESTSTART.runFunction(/u05/dev_projects_2002/spiremedia2k5/Application.cfc:167)
	at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:348)
	at coldfusion.filter.SilentFilter.invoke(SilentFilter.java:47)
	at
coldfusion.runtime.UDFMethod$ReturnTypeFilter.invoke(UDFMethod.java:294)
	at
coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:258)
	at
coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:56)
	at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:211)
	at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:173)
	at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:192)
	at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:145)
	at
coldfusion.runtime.AppEventInvoker.invoke(AppEventInvoker.java:55)
	at
coldfusion.runtime.AppEventInvoker.onRequestStart(AppEventInvoker.java:97)
	at
coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:195)
	at coldfusion.filter.PathFilter.invoke(PathFilter.java:86)
	at
coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:50)
	at
coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:52)
	at
coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
	at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
	at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
	at
coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
	at coldfusion.CfmServlet.service(CfmServlet.java:105)
	at
coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:78)
	at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:91)
	at
jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
	at
jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:257)
	at
jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:527)
	at
jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:204)
	at
jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:349)
	at
jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:457)
	at
jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:295)
	at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)

More information about the VIM mailing list