Solved

SQL injuection query

Posted on 2006-06-21
4
590 Views
Last Modified: 2012-06-21
Hi,

I've trapped some SQL injection attempts on my web server.

I'm just wondering if anyone can tell me what this query would have done if it had succeeded?

id=90 And char(124)+Cast(IS_SRVROLEMEMBER(0x730079007300610064006D0069006E00) as varchar(1))+char(124)=1

This was passed as a parameter on a page that would normally accept: category.asp?id=90
I'm particularly interested in what IS_SRVROLEMEMBER(0x730079007300610064006D0069006E00) is..

Thanks!!
0
Comment
Question by:azaram
  • 2
4 Comments
 
LVL 75

Assisted Solution

by:Aneesh Retnakaran
Aneesh Retnakaran earned 200 total points
ID: 16957260
Run this

select * from master..sysxlogins
WHERE sid = '0x730079007300610064006D0069006E00'

0
 
LVL 75

Assisted Solution

by:Aneesh Retnakaran
Aneesh Retnakaran earned 200 total points
ID: 16957264

from BOL
IS_SRVROLEMEMBER Indicates whether the current user login is a member of the specified server role

IS_SRVROLEMEMBER ( 'role' [ , 'login' ] )
0
 
LVL 16

Accepted Solution

by:
Swapnil Piparia earned 300 total points
ID: 16957288
Hi azaram,
IS_SRVROLEMEMBER function

Indicates whether the current user login is a member of the specified server role. it will check from following role and the hex code given your url string is for one of the following role.
sysadmin
dbcreator
diskadmin
processadmin
serveradmin
setupadmin
securityadmin

the try is make to check that the current sql login for fetching data for id 90 has access of which role if it

like s
select * from table where id =90 and char(124)+Cast(IS_SRVROLEMEMBER(0x730079007300610064006D0069006E00) as varchar(1))+char(124)=1

means if login has this role right than it will return record otherwise not


Regards,
NetSwap
0
 

Author Comment

by:azaram
ID: 16957326
Thanks... so it looks like it's just fishing for holes..
I guess if the SQL injection was successful and also if the server role had admin access they may launch another attack to execute system commands and compromise the server.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Performance is the key factor for any successful data integration project, knowing the type of transformation that you’re using is the first step on optimizing the SSIS flow performance, by utilizing the correct transformation or the design alternat…
Let's review the features of new SQL Server 2012 (Denali CTP3). It listed as below: PERCENT_RANK(): PERCENT_RANK() function will returns the percentage value of rank of the values among its group. PERCENT_RANK() function value always in be…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now