> An IP from the Ukraine was attacking my contact form with name values like:
>
> "John 1) declare @q varchar(8000) select @q =
> 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) --"
Indeed, this looks like an initial reconnaissance injection to see if other commands would work (that hex value decodes to WAITFOR DELAY '00:00:15'). This would cause a page load to be delayed a short period so they know the command executed on the database server before moving on to more interesting attacks.

-Justin

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350345
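The probe Justin describes relies on two things a form handler can check for: a hex literal that hides T-SQL from naive keyword filters, and the `WAITFOR DELAY` / `declare` / `exec` / `--` constructs that no contact-form name should contain. The following is an added triage example, not code from the thread or from House of Fusion: it decodes every `0x...` literal in a submitted field, re-scans the expanded text for those constructs, and returns a verdict a log pipeline or WAF rule could act on. The sample submissions are constructed here for the demo (the first one is the payload quoted above); the regexes and function names are this example's own.

```python
import re
from typing import Dict, List, Tuple

# A T-SQL binary literal: "0x" followed by hex digits (two or more).
HEX_LITERAL = re.compile(r"0x([0-9A-Fa-f]{2,})")

# T-SQL control constructs that have no place in a contact-form "name" field.
# Deliberately narrow: a lone apostrophe (O'Brien) or the word "select" in
# running text does not trigger; "select @var", "declare @var", "exec(",
# "waitfor delay" and the "--" comment terminator do.
SUSPICIOUS = re.compile(
    r"(?i)(waitfor\s+delay|declare\s+@|exec\s*\(|select\s+@)|--"
)


def decode_hex_literals(value: str) -> List[Tuple[str, str]]:
    """Return (literal, decoded_text) for every 0x... literal in value.

    Non-text bytes are rendered as U+FFFD so the caller still sees the literal
    was present even when it does not decode cleanly.
    """
    found = []
    for m in HEX_LITERAL.finditer(value):
        digits = m.group(1)
        if len(digits) % 2:
            # Odd digit count cannot be bytes; drop the dangling nibble.
            digits = digits[:-1]
        text = bytes.fromhex(digits).decode("utf-8", errors="replace")
        found.append((m.group(0), text))
    return found


def inspect_field(value: str) -> Dict[str, object]:
    """Decode hex literals in place, then scan the expanded text.

    Scanning after expansion is what defeats the hex trick: the raw field
    contains no 'WAITFOR', but the expanded field does.
    """
    literals = decode_hex_literals(value)
    expanded = value
    for literal, text in literals:
        expanded = expanded.replace(literal, text)
    hits = sorted({m.group(0).lower() for m in SUSPICIOUS.finditer(expanded)})
    return {
        "suspicious": bool(hits),
        "matched": hits,
        "decoded_literals": literals,
    }


# Constructed sample submissions for the demo. The first is the payload
# quoted in the thread; the others are benign names that must not be flagged.
SAMPLE_SUBMISSIONS = [
    "John 1) declare @q varchar(8000) select @q = "
    "0x57414954464F522044454C4159202730303A30303A313527 exec(@q) --",
    "Jane Doe",
    "O'Brien",
]


def triage(submissions: List[str]) -> List[Tuple[str, Dict[str, object]]]:
    """Run inspect_field over a batch of submissions and pair each with its verdict."""
    return [(s, inspect_field(s)) for s in submissions]


if __name__ == "__main__":
    for value, verdict in triage(SAMPLE_SUBMISSIONS):
        flag = "SUSPICIOUS" if verdict["suspicious"] else "ok"
        print(f"{flag:10} {value[:60]!r}")
        for literal, text in verdict["decoded_literals"]:
            print(f"           {literal} -> {text!r}")
```

Matching is applied to the decoded form, so the verdict for the quoted payload lists `waitfor delay` even though those characters never appear in the raw field. This is detection only; the fix for the form itself is to bind the name with `cfqueryparam` (or the equivalent parameterized query) so that a 15-second `WAITFOR DELAY` can never reach the database as code in the first place.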

