Cold Fusion and Sql Injection

I am performing a web application penetration test by using SQL Injection method.The site uses Cold fusion. My problem is that anything I pass as a parameter to a field and I get the following error.

ODBC Error Code = 22005 (Error in assignment)

[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value ‘my parameter here’ to a column of data type int.

For example, if I place a simple quote I get the following:

Syntax error converting the nvarchar value ‘’’ to a column of data type int.

Or if I place a @@Version function I get the following:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Syntax error converting the nvarchar value ‘@@Version’ to a column of data type int.

Etc..

Normally, when you pass a single quote as a parameter, the Server returns the following:

ODBC Error Code = 37000 (Syntax error or access violation), and the error message is normally ‘Incorrect syntax error …’ OR ‘Unclosed quotation mark …’

Does anyone know how to solve this problem?Can anyone tell me what really happens behind it? I mean how the cold fusion application handles input validation in conjunction with ODBC driver?Does cold fusion use special functions for input validation?

Thank you for your time,

George  

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group.

Visit us at: www.coresecurity.com/promos/sf_ept1 or call 617-399-6980