From 33cd5d5055819d1d5b9e2b86a61cb7ff7e6ab079 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 31 Dec 2025 00:13:42 +0100 Subject: [PATCH] Implements #116 --- data/shell/backdoors/backdoor.cfm_ | Bin 0 -> 299 bytes data/shell/stagers/stager.cfm_ | Bin 0 -> 453 bytes data/txt/sha256sums.txt | 8 +++++--- lib/controller/checks.py | 2 ++ lib/core/enums.py | 1 + lib/core/settings.py | 2 +- 6 files changed, 9 insertions(+), 4 deletions(-) create mode 100644 data/shell/backdoors/backdoor.cfm_ create mode 100644 data/shell/stagers/stager.cfm_ diff --git a/data/shell/backdoors/backdoor.cfm_ b/data/shell/backdoors/backdoor.cfm_ new file mode 100644 index 0000000000000000000000000000000000000000..dce65debacb46b88f33cd0e77f4a8b4232df143f GIT binary patch literal 299 zcmV+`0o48v?nY#YKFUUI?8HtI_Oe269td>{E6(e(GVK!7#zusNgg{=cSQO8=4T(jc zve0L0TEw&1f|1D4o5BBBJe2-K(wv~!6Gmiv+CP=-;otY;r78`1aVKU_`B$CyM)T&9 z^Ax^<2%DtPC!@_2X5o7&4&QbcCm|8l_eTFxW#9mvtqX|Z-=K-OK0pw4;J*tlLDF$qzbO*<#o5Y5oXYFAscgM&otxEtul}Pebm#hE) literal 0 HcmV?d00001 diff --git a/data/shell/stagers/stager.cfm_ b/data/shell/stagers/stager.cfm_ new file mode 100644 index 0000000000000000000000000000000000000000..8193566e523f79869a609c06815f7df5fd683263 GIT binary patch literal 453 zcmV;$0XqH2N(a9~1z*LhEUp45DO^C1T^f?06{%_SoZ^TK3A_v_}x8`XTbz0M0x zSD#G-vDHe7@?-PEQ`IF5@GpvZ=LNOO0RdU)I>n-hDzHJBQtnFd3o)vb+8|HqoXe-B z)=D#OwuWYj5spx3(`}r`KtSR$n0iSr@`E&%C?_4?5~S8NSfilzmZInErfKtEe+AvB zPzZKT>q9tFe1|2KLfzc<=J!EW@Hq##t0QCQ0S%H;Z@&SXw2L*=EQqcs*#bv~dO`YK z(vZi$kG2mTusiOk#x;39DmZ-%csbK$+nyfm8|A8!W2Q8SD<}xQt_rrY*^D~)iA+J+ z?ZCv4{pj^W{WSeVg=t{tKE4KlGyoIY3lPuVDP)P5gZBj*%<#xf8DJ1@3CRzF8M!xN vn8xYIZcVCagnR+=PO$)v4$a8*uN9MyXh2pj&6$u@+0Yp_@^kLVwB!z literal 0 HcmV?d00001 diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index e0b7074cc..366433957 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt 
@@ -15,11 +15,13 @@ afb169095dc36176ffdd4efab9e6bb9ed905874469aac81e0ba265bc6652caa4 data/procs/mss
 7e3e28eac7f9ef0dea0a6a4cdb1ce9c41f28dd2ee0127008adbfa088d40ef137 data/procs/README.txt
 519431a555205974e7b12b5ecb8d6fb03a504fbb4a6a410db8874a9bfcff6890 data/shell/backdoors/backdoor.asp_
 fbb0e5456bc80923d0403644371167948cefc8e95c95a98dc845bc6355e3718f data/shell/backdoors/backdoor.aspx_
+01695090da88b7e71172e3b97293196041e452bbb7b2ba9975b4fac7231e00a5 data/shell/backdoors/backdoor.cfm_
 03117933dcc9bfc24098e1e0191195fc4bafb891f0752edee28be1741894e0e5 data/shell/backdoors/backdoor.jsp_
 2505011f6dcf4c1725840ce495c3b3e4172217286f5ce2a0819c7a64ce35d9df data/shell/backdoors/backdoor.php_
 a08e09c1020eae40b71650c9b0ac3c3842166db639fdcfc149310fc8cf536f64 data/shell/README.txt
 a4d49b7c1b43486d21f7d0025174b45e0608f55c110c6e9af8148478daec73d1 data/shell/stagers/stager.asp_
 1b21206f9d35b829fdf9afa17ea5873cd095558f05e644d56b39d560dfa62b6e data/shell/stagers/stager.aspx_
+8a149f77137fc427e397ec2c050e4028d45874234bc40a611a00403799e2dc0b data/shell/stagers/stager.cfm_
 c3a595fc1746ee07dbc0592ba7d5e207e6110954980599f63b8156d1d277f8ca data/shell/stagers/stager.jsp_
 82bcebc46ed3218218665794197625c668598eb7e861dd96e4f731a27b18a701 data/shell/stagers/stager.php_
 26e2a6d6154cbcef1410a6826169463129380f70a840f848dce4236b686efb23 data/txt/common-columns.txt
@@ -160,7 +162,7 @@ df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264 extra/shutils/
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 extra/vulnserver/__init__.py
 eed1db5da17eca4c65a8f999166e2246eef84397687ae820bbe4984ef65a09df extra/vulnserver/vulnserver.py
 96a39b4e3a9178e4e8285d5acd00115460cc1098ef430ab7573fc8194368da5c lib/controller/action.py
-16487b3d984b9020cc68c0e4e079759a8990d05173f2496f7de30643ac772fe2 lib/controller/checks.py
+cd63cfc6b00c5e47462cd4a35b3a79306d6712f9d607d5c784f9e946f92a8a7f lib/controller/checks.py
 34e9cf166e21ce991b61ca7695c43c892e8425f7e1228daec8cadd38f786acc6 lib/controller/controller.py
 49bcd74281297c79a6ae5d4b0d1479ddace4476fddaf4383ca682a6977b553e3 lib/controller/handler.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/controller/__init__.py
@@ -175,7 +177,7 @@ b22decc8389c94a13f1adf07eb343cf3b2aae3fb3909fd4107e24bbede7c7deb lib/core/datat
 d573a37bb00c8b65f75b275aa92549683180fb209b75fd0ff3870e3848939900 lib/core/defaults.py
 a8b398601dae3318d255f936f5bb6acd25ffdc8ef6d6b713ad89ee7136d1c736 lib/core/dicts.py
 20a6edda1d57a7564869e366f57ed7b2ab068dd8716cf7a10ef4a02d154d6c80 lib/core/dump.py
-2ca709fb52b4a1bc83cfe2acdad7e7d4dca1fee6a775e9290f0f1f517955d0b9 lib/core/enums.py
+20ea31bb52785900d6bba5e9f2f560a4ed064cb95add75015de105959aa9c4d4 lib/core/enums.py
 00a9b29caa81fe4a5ef145202f9c92e6081f90b2a85cd76c878d520d900ad856 lib/core/exception.py
 1c48804c10b94da696d3470efbd25d2fff0f0bbf2af0101aaac8f8c097fce02b lib/core/gui.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/core/__init__.py
@@ -188,7 +190,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readl d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py -8e38e7d895f946b8631b9a93e4a52936fd309213816fd9db6f3458b977f49cf8 lib/core/settings.py +7ecfd20fbe5f288d763802fea342fc2c05fb871c4e07a83b9840112de71d15a1 lib/core/settings.py 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 1a9e1ebd4..136cbb2cd 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1095,6 +1095,8 @@ def heuristicCheckSqlInjection(place, parameter): errMsg += "int.TryParse(Request.QueryString[\"%s\"], out %s)" % (parameter, parameter) elif platform == WEB_PLATFORM.JSP: errMsg += "%s=Integer.parseInt(request.getParameter(\"%s\"))" % (parameter, parameter) + elif platform == WEB_PLATFORM.CFM: + errMsg += "%s=Val(url.%s)" % (parameter, parameter) else: errMsg += "$%s=intval($_REQUEST[\"%s\"])" % (parameter, parameter) diff --git a/lib/core/enums.py b/lib/core/enums.py index 6baec9436..7bea773ca 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -372,6 +372,7 @@ class WEB_PLATFORM(object): ASP = "asp" ASPX = "aspx" JSP = "jsp" + CFM = "cfm" class CONTENT_TYPE(object): TARGET = 0 diff --git a/lib/core/settings.py b/lib/core/settings.py index 898803167..5bf4b3c49 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
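Review bot: The new CFM branch in heuristicCheckSqlInjection hard-codes the URL scope in its example, `errMsg += "%s=Val(url.%s)" % (parameter, parameter)`, so the reported cast is misleading when the tested parameter was sent in a request body; the neighbouring JSP and PHP examples use request-wide accessors instead. If the URL-only form is intended, a one-line comment such as `# example assumes the ColdFusion URL scope; body parameters live in form.<name>` above the branch would make that explicit. How `platform` is derived is outside the hunk, but if it comes from the page extension, `.cfml` pages would not match `WEB_PLATFORM.CFM` ("cfm") and would fall through to the PHP example in the `else` branch. The function body starts and ends outside this hunk.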
@@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.12.49" +VERSION = "1.9.12.50" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)