bobPUNKbob
asked on
Decode SQL Injection
My server caught and stopped the SQL injection below but I wanted to find out what the hacker was trying to accomplish (if I hadn't stopped it)? -Thanks!
This was the first attempt (I already URL decoded it):
ID=999999.9 UNION ALL SELECT 0x31303235343830303536--
and then they tried the above injection 31 more times (in 1 second intervals), except each time they added another 0x31303235343830303536, and so the 32nd attempt looked like this:
ID=999999.9 UNION ALL SELECT 0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536--
When I tried converting 31303235343830303536 from HEX to ASCII, I got 1025480056, but what the heck is that and what does it mean to SQL server?
select replicate(convert(varchar, 0x31303235343830303536),32)
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
He is trying to do this
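An added example, not part of the original thread: a small log decoder that turns each hex literal back into text and counts the columns in every UNION ALL SELECT attempt. A UNION only succeeds when both SELECTs return the same number of columns, so a run of requests whose column count grows by one each time, all carrying the same constant marker, is a probe for the column count of the original query. The function names and the request list are constructed for illustration from the asker's description.

```python
import re

# Marker literal taken from the question; the request list below is constructed
# from the asker's description (1 column on the first attempt, 32 on the last).
MARKER = "0x31303235343830303536"
SAMPLE_REQUESTS = [
    "ID=999999.9 UNION ALL SELECT " + ",".join([MARKER] * n) + "--"
    for n in range(1, 33)
]

UNION_SELECT = re.compile(r"union\s+all\s+select\s+(.*?)\s*--", re.I | re.S)
HEX_LITERAL = re.compile(r"0x((?:[0-9a-f]{2})+)", re.I)


def decode_probe(value):
    """Return (column_count, decoded_columns) for one logged parameter value,
    or None when it carries no UNION ALL SELECT ... -- clause."""
    match = UNION_SELECT.search(value)
    if match is None:
        return None
    decoded = []
    # Naive comma split: enough for literal-only column lists like these.
    for column in (c.strip() for c in match.group(1).split(",")):
        literal = HEX_LITERAL.fullmatch(column)
        if literal:  # hex literal: show the bytes as text
            column = bytes.fromhex(literal.group(1)).decode("ascii", "replace")
        decoded.append(column)
    return len(decoded), decoded


def summarize(values):
    """Describe a run of logged values: number of probes, range of column
    counts, whether the count grows by one each time, and decoded markers."""
    probes = [p for p in map(decode_probe, values) if p is not None]
    counts = [count for count, _ in probes]
    return {
        "attempts": len(counts),
        "columns": (min(counts), max(counts)) if counts else None,
        "increments_by_one": len(counts) > 1
        and all(b - a == 1 for a, b in zip(counts, counts[1:])),
        "markers": sorted({col for _, cols in probes for col in cols}),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_REQUESTS))
```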