| SitePoint Sponsor |
|
|
User Tag List
Results 1 to 4 of 4
-
Sep 22, 2008, 11:41 #1SitePoint Enthusiast
- Join Date
- Sep 2008
- Posts
- 94
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
What does this URL attempt to do?
What exactly is someone attempting by accessing this url on my site?
Obviously they are trying to set a variable and execute the contents. But what are they attempting exactly and under what conditions would it be successful? ThanksCode:/?;DECLARE @S CHAR(4000);SET @S=CAST(0x4445434 <snipped about 1200 chars> 736F72 AS CHAR(4000));EXEC(@S);
~
-
Sep 22, 2008, 14:16 #2Programming Team
- Join Date
- Jul 2005
- Location
- West Springfield, Massachusetts
- Posts
- 15,107
- Mentioned
- 112 Post(s)
- Tagged
- 1 Thread(s)
I'm sure the answer is in the "snipped about 1200 chars".
I'm also sure the code is obfuscated. To see what it "tranlates" to, if you're willing to take the chance (carefully weigh the risk against your curiosity), run the code without the exec(). Instead try changing that to echo(@s) - PHP, or document.write(@s) - javascript.10 Rules for Driving Traffic Using Forums | Ultimate SEO Checklist
External links are nofollow
How to be a Great Online Community Member
Member of the Month for December 2013
Free SitePoint book - Thinking Web: Voices Of The Community
The 2013 SitePoint Awards - Nominations closed - Voting to begin soon
Introducing the new Code Review Forum
This Week in JavaScript
-
Sep 22, 2008, 14:16 #3SitePoint Addict
- Join Date
- Dec 2007
- Posts
- 358
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
This may be successful when your site has SQL injection. For example, when it queries database for content which corresponds current URL and the URL is not escaped then you may have SQL injection.
-
Sep 23, 2008, 08:07 #4SitePoint Mentor
- Join Date
- Mar 2003
- Location
- In tha fruit cellar
- Posts
- 1,374
- Mentioned
- 30 Post(s)
- Tagged
- 1 Thread(s)
Bookmarks