Solved

SQL injuection query

Posted on 2006-06-21
4
595 Views
Last Modified: 2012-06-21
Hi,

I've trapped some SQL injection attempts on my web server.

I'm just wondering if anyone can tell me what this query would have done if it had succeeded?

id=90 And char(124)+Cast(IS_SRVROLEMEMBER(0x730079007300610064006D0069006E00) as varchar(1))+char(124)=1

This was passed as a parameter on a page that would normally accept: category.asp?id=90
I'm particularly interested in what IS_SRVROLEMEMBER(0x730079007300610064006D0069006E00) is..

Thanks!!
0
Comment
Question by:azaram
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 75

Assisted Solution

by:Aneesh Retnakaran
Aneesh Retnakaran earned 200 total points
ID: 16957260
Run this

select * from master..sysxlogins
WHERE sid = '0x730079007300610064006D0069006E00'

0
 
LVL 75

Assisted Solution

by:Aneesh Retnakaran
Aneesh Retnakaran earned 200 total points
ID: 16957264

from BOL
IS_SRVROLEMEMBER Indicates whether the current user login is a member of the specified server role

IS_SRVROLEMEMBER ( 'role' [ , 'login' ] )
0
 
LVL 16

Accepted Solution

by:
Swapnil Piparia earned 300 total points
ID: 16957288
Hi azaram,
IS_SRVROLEMEMBER function

Indicates whether the current user login is a member of the specified server role. it will check from following role and the hex code given your url string is for one of the following role.
sysadmin
dbcreator
diskadmin
processadmin
serveradmin
setupadmin
securityadmin

the try is make to check that the current sql login for fetching data for id 90 has access of which role if it

like s
select * from table where id =90 and char(124)+Cast(IS_SRVROLEMEMBER(0x730079007300610064006D0069006E00) as varchar(1))+char(124)=1

means if login has this role right than it will return record otherwise not


Regards,
NetSwap
0
 

Author Comment

by:azaram
ID: 16957326
Thanks... so it looks like it's just fishing for holes..
I guess if the SQL injection was successful and also if the server role had admin access they may launch another attack to execute system commands and compromise the server.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
In SQL 2000 combine mulitple rows into a single row seperated by a semi colon 10 40
sql update 2 37
Copy data to New Year 9 33
Access #Deleted data 20 43
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
JSON is being used more and more, besides XML, and you surely wanted to parse the data out into SQL instead of doing it in some Javascript. The below function in SQL Server can do the job for you, returning a quick table with the parsed data.
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.
Via a live example, show how to backup a database, simulate a failure backup the tail of the database transaction log and perform the restore.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question